Title

The API Gateway must generate audit records of what type of events occurred. (Cat II impact)

Discussion

By recording the details of each event, the gateway can track and log specific actions such as authentication attempts, authorization checks, request routing, rate limiting, and error handling. These records provide valuable insights into the API's behavior, helping to detect unauthorized access, security breaches, or misuse of system resources.

Check Content

If an API Gateway is not in use, this is Not Applicable. Verify the API Gateway generates audit records of what type of events occurred. 1. Inspect the API Gateway's configuration settings and verify logging is enabled and audit records are being generated for key events such as authentication, authorization, data access, and errors. 2. Make a valid API request and verify successful events are logged. 3. Simulate system errors by causing the API to fail under specific conditions (e.g., database unavailability, timeout errors, internal exceptions). 4. Check the audit or access logs in the API Gateway or logging platform (e.g., AWS CloudWatch, Splunk, ELK stack). Verify the logs contain entries for the triggered events. 5. Inspect the log entries for the following: - Event Type: The event’s description or category (e.g., authentication attempt, data access, system error). If the API Gateway does not generate audit records for the type of event, this is a finding.

Fix Text

Build or configure the API Gateway to audit what type of events occurred.

Additional Identifiers

Rule ID: SV-274522r1143515_rule

Vulnerability ID: V-274522

Group Title: SRG-APP-000095

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.