Monthly Reminder to Check Audit Logs. #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Monthly Reminder to Check Audit Logs. | |
| on: | |
| workflow_dispatch: | |
| # Runs on the first day of the month | |
| schedule: | |
| - cron: '10 0 1 * *' | |
| jobs: | |
| #Add Reminder issue to github issues on analytics.usa.gov repo. | |
| add_reminder: | |
| runs-on: ubuntu-latest | |
| environment: develop | |
| permissions: | |
| contents: read | |
| issues: write | |
| steps: | |
| - name: Set yesterday's month | |
| run: echo "YESTERDAY=$(date --date='1 day ago' '+%Y-%m')" >> "$GITHUB_ENV" | |
| - name: Create audit log review issue | |
| run: | | |
| gh issue create \ | |
| --title "$TITLE" \ | |
| --assignee "$ASSIGNEES" \ | |
| --label "$LABELS" \ | |
| --body "$BODY" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GH_REPO: ${{ github.repository }} | |
| TITLE: REMINDER! Review audit logs for month ${{ env.YESTERDAY }} | |
| ASSIGNEES: sanason | |
| LABELS: audit-log-review | |
| BODY: | | |
| This issue is an automated monthly reminder to review the audit logs of all DAP systems for indications of inappropriate or unusual activity. | |
| # Acceptance criteria | |
| 1. Complete and check off each of the tasks in the Audit Tasks list. Keep a list of any findings. | |
| 2. If there are any findings in your list, email them to: | |
| - [email protected] (ISSM) | |
| - [email protected] (ISSO) | |
| - [email protected] (System owner) | |
| 3. Close the ticket with a comment "Closed with findings" or "Closed without findings", as appropriate. Feel free to add any other comments as well. | |
| # Audit Tasks | |
| - [ ] **Cloud.gov**: Review Cloud Foundry events in the 'gsa-opp-analytics' organization. See https://cloud.gov/docs/compliance/auditing-activity/. | |
| - [ ] **Cloud.gov**: Verify ssh disabled for production applications and spaces. | |
| - [ ] **Google Analytics**: Review the GA4 Account Change History (viewing instructions at https://support.google.com/analytics/answer/9305465?hl=en). | |
| - [ ] **AWS**: Review CloudTrail logs for AWS S3 and CloudFront. | |
| - [ ] **New Relic**: Review NrAuditEvent events for 'analytics.usa.gov' account. |