Checks/Aws/Test-CloudwatchLogMetricFilterUnauthorizedApiCalls.ps1
|
function Test-CloudwatchLogMetricFilterUnauthorizedApiCalls { <# .SYNOPSIS CloudWatch Logs metric filter and alarm exist for unauthorized API calls .DESCRIPTION **CloudWatch Logs** for CloudTrail include a metric filter that matches unauthorized API errors (`$.errorCode="*UnauthorizedOperation"` or `$.errorCode="AccessDenied*"`) and a linked alarm that triggers when events match the filter. .PARAMETER Check CIEMCheck object containing check metadata. #> [CmdletBinding()] [OutputType([PSCustomObject[]])] param( [Parameter(Mandatory)] [CIEMCheck]$Check ) $ErrorActionPreference = 'Stop' # TODO: Implement check logic based on Prowler check: cloudwatch_log_metric_filter_unauthorized_api_calls [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check cloudwatch_log_metric_filter_unauthorized_api_calls for reference.', 'N/A', 'cloudwatch Resources') } |