diff --git a/README.md b/README.md index 0121f8fa9c..f33dad90ee 100644 --- a/README.md +++ b/README.md @@ -186,8 +186,6 @@ Instead of using default policy SecurityAudit for the account you use for checks "cloudtrail:gettrailstatus", "cloudtrail:listtags", "cloudwatch:describe*", - "cloudwatchlogs:describeloggroups", - "cloudwatchlogs:describemetricfilters", "codecommit:batchgetrepositories", "codecommit:getbranch", "codecommit:getobjectidentifier", @@ -229,7 +227,8 @@ Instead of using default policy SecurityAudit for the account you use for checks "kms:list*", "lambda:getpolicy", "lambda:listfunctions", - "logs:DescribeMetricFilters", + "logs:DescribeLogGroups", + "logs:DescribeMetricFilters", "rds:describe*", "rds:downloaddblogfileportion", "rds:listtagsforresource", @@ -294,9 +293,9 @@ Alternatively, here is a policy which defines the permissions which are NOT pres "Action": [ "acm:DescribeCertificate", "acm:ListCertificates", - "cloudwatchlogs:describeLogGroups", - "cloudwatchlogs:DescribeMetricFilters", "es:DescribeElasticsearchDomainConfig", + "logs:DescribeLogGroups", + "logs:DescribeMetricFilters", "ses:GetIdentityVerificationAttributes", "sns:ListSubscriptionsByTopic" ], diff --git a/prowler-policy-additions.json b/prowler-policy-additions.json index 66ba909c43..0732fd8436 100644 --- a/prowler-policy-additions.json +++ b/prowler-policy-additions.json @@ -5,9 +5,9 @@ "Action": [ "acm:describecertificate", "acm:listcertificates", - "cloudwatchlogs:describeloggroups", - "cloudwatchlogs:describemetricfilters", "es:describeelasticsearchdomainconfig", + "logs:DescribeLogGroups", + "logs:DescribeMetricFilters", "ses:getidentityverificationattributes", "sns:listsubscriptionsbytopic", "guardduty:ListDetectors"