aws-cloudwatch-enum.md v1.1

pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-cloudwatch-enum.md

@@ -29,6 +29,102 @@ You can monitor for example logs from CloudTrail. Events that are monitored:
 * API calls that resulted in failed authorization
 * Filters to search in cloudwatch: [https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html)
 
+## Key concepts
+
+### Namespaces
+
+A namespace is a container for CloudWatch metrics. It helps to categorize and isolate metrics, making it easier to manage and analyze them.
+
+- **Examples**: AWS/EC2 for EC2-related metrics, AWS/RDS for RDS metrics.
+
+### Metrics
+
+Metrics are data points collected over time that represent the performance or utilization of AWS resources. Metrics can be collected from AWS services, custom applications, or third-party integrations.
+
+- **Example**: CPUUtilization, NetworkIn, DiskReadOps.
+
+### Dimensions
+
+Dimensions are key-value pairs that are part of metrics. They help to uniquely identify a metric and provide additional context, being 30 the most number of dimensions that can be associated with a metric. Dimensions also allow to filter and aggregate metrics based on specific attributes.
+
+- **Example**: For EC2 instances, dimensions might include InstanceId, InstanceType, and AvailabilityZone.
+
+### Statistics
+
+Statistics are mathematical calculations performed on metric data to summarize it over time. Common statistics include Average, Sum, Minimum, Maximum, and SampleCount.
+
+- **Example**: Calculating the average CPU utilization over a period of one hour.
+
+### Units
+
+Units are the measurement type associated with a metric. Units help to provide context and meaning to the metric data. Common units include Percent, Bytes, Seconds, Count.
+
+- **Example**: CPUUtilization might be measured in Percent, while NetworkIn might be measured in Bytes.
+
+## CloudWatch Features
+
+### Dashboard
+
+**CloudWatch Dashboards** provide customizable **views of your AWS CloudWatch metrics**. It is possible to create and configure dashboards to visualize data and monitor resources in a single view, combining different metrics from various AWS services.
+
+**Key Features**:
+
+- **Widgets**: Building blocks of dashboards, including graphs, text, alarms, and more.
+- **Customization**: Layout and content can be customized to fit specific monitoring needs.
+
+**Example Use Case**:
+
+- A single dashboard showing key metrics for your entire AWS environment, including EC2 instances, RDS databases, and S3 buckets.
+
+### Metric Stream and Metric Data
+
+**Metric Streams** in AWS CloudWatch enable you to continuously stream CloudWatch metrics to a destination of your choice in near real-time. This is particularly useful for advanced monitoring, analytics, and custom dashboards using tools outside of AWS.
+
+**Metric Data** inside Metric Streams refers to the actual measurements or data points that are being streamed. These data points represent various metrics like CPU utilization, memory usage, etc., for AWS resources.
+
+**Example Use Case**:
+
+- Sending real-time metrics to a third-party monitoring service for advanced analysis.
+- Archiving metrics in an Amazon S3 bucket for long-term storage and compliance.
+
+### Alarm
+
+**CloudWatch Alarms** monitor your metrics and perform actions based on predefined thresholds. When a metric breaches a threshold, the alarm can perform one or more actions such as sending notifications via SNS, triggering an auto-scaling policy, or running an AWS Lambda function.
+
+**Key Components**:
+
+- **Threshold**: The value at which the alarm triggers.
+- **Evaluation Periods**: The number of periods over which data is evaluated.
+- **Datapoints to Alarm**: The number of periods with a reached threshold needed to trigger the alarm
+- **Actions**: What happens when an alarm state is triggered (e.g., notify via SNS).
+
+**Example Use Case**:
+
+- Monitoring EC2 instance CPU utilization and sending a notification via SNS if it exceeds 80% for 5 consecutive minutes.
+
+### Anomaly Detectors
+
+**Anomaly Detectors** use machine learning to automatically detect anomalies in your metrics. You can apply anomaly detection to any CloudWatch metric to identify deviations from normal patterns that might indicate issues.
+
+**Key Components**:
+
+- **Model Training**: CloudWatch uses historical data to train a model and establish what normal behavior looks like.
+- **Anomaly Detection Band**: A visual representation of the expected range of values for a metric.
+
+**Example Use Case**:
+
+- Detecting unusual CPU utilization patterns in an EC2 instance that might indicate a security breach or application issue.
+
+### Insight Rules and Managed Insight Rules
+
+**Insight Rules** allow you to identify trends, detect spikes, or other patterns of interest in your metric data using **powerful mathematical expressions** to define the conditions under which actions should be taken. These rules can help you identify anomalies or unusual behaviors in your resource performance and utilization.
+
+**Managed Insight Rules** are pre-configured **insight rules provided by AWS**. They are designed to monitor specific AWS services or common use cases and can be enabled without needing detailed configuration.
+
+**Example Use Case**:
+
+- Monitoring RDS Performance: Enable a managed insight rule for Amazon RDS that monitors key performance indicators such as CPU utilization, memory usage, and disk I/O. If any of these metrics exceed safe operational thresholds, the rule can trigger an alert or automated mitigation action.
+
 ### CloudWatch Logs <a href="#cloudwatch-logs" id="cloudwatch-logs"></a>
 
 Allows to **aggregate and monitor logs from applications** and systems from **AWS services** (including CloudTrail) and **from apps/systems** (**CloudWatch Agen**t can be installed on a host). Logs can be **stored indefinitely** (depending on the Log Group settings) and can be exported.