R-051-001 API event logs 2023_001

• Governed by GP-051 Security violations
• Comes from template T-051-001 API event logs

Purpose

Review API events logs looking for suspicious actions

Periodicity

Every 2 weeks

AWS CloudTrail review

Responsible	Date	Event history review	Insights review
Javier Jimenez	2023/01/10	OK	OK
Javier Jimenez Magro	2023/10/02	OK	OK
Javier Jimenez Magro	2023/10/16	OK	OK
Javier Jimenez Magro	2023/10/30	OK	OK
Javier Jimenez Magro	2023/11/13	OK	OK
Javier Jimenez Magro	2023/11/27	OK	OK
Javier Jimenez Magro	2023/12/11	OK	OK
Javier Jimenez Magro	2023/12/22	OK	OK
Javier Jimenez Magro	2024/01/08	OK	OK
Javier Jimenez Magro	2024/01/22	OK	OK
Javier Jimenez Magro	2024/02/05	OK	OK
Javier Jimenez Magro	2024/02/19	OK	OK

Help

At the review columns it will be indicated if the review was satisfactory (OK) or if any unexpected action was detected (see below). In this case the reference of the incidence (according to procedure GP-018 Infrastructure and facilities) or non-conformity (GP-006 Non-conformity. Corrective and Preventive actions) was included to allow traceability of the actions.

Criteria for acceptance

The logs are reviewed and no suspicious actions are detected:

• Each user is connecting from the expected IP.
• Users are performing the expected actions.

List of unexpected actions:

• Changing other user's credentials.
• Creating new users with administrator permissions.
• Accessing resources that are not part of the project.
• Deleting critical resources as buckets, databases or EC2 instances.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

• Author: Team members involved
• Reviewer: JD-003, JD-004
• Approver: JD-001