CM-03: Production Change Monitoring and Audit Logging
Automated alerts for production changes and comprehensive audit logging for in-scope applications
Control Description
Automated alerts are sent to IT personnel when changes are implemented into the production environment related to the in-scope applications and related databases. Audit logging is enabled on the production environment related to the in-scope applications and related databases to provide management with an audit trail in the event of any issues within production.
Plain Meaning
This control ensures that any changes made to your production systems are immediately visible to your IT team through automated notifications. It also requires keeping detailed logs of all activities in production so you can track what happened if something goes wrong. This helps maintain security and provides evidence for compliance audits.
Implementation Examples
Prometheus Alerting Rules
# prometheus/alerting-rules.yaml
groups:
  - name: production-changes
    rules:
      - alert: ProductionDeploymentDetected
        # kube-state-metrics exposes metadata.generation, which the API server
        # increments whenever the Deployment spec is modified. Alerting on it
        # catches rollouts and config edits without also firing on pod restarts
        # or autoscaling, which would move replicas_available as well.
        expr: changes(kube_deployment_metadata_generation{namespace="production"}[5m]) > 0
        for: 1m
        labels:
          severity: warning
        annotations:
          summary: "Production deployment change detected"
          description: "Deployment {{ $labels.deployment }} in production namespace has changed"
      - alert: DatabaseSchemaChange
        # Caveat: pg_stat_database_xact_commit advances on every committed
        # transaction, so this expression fires on any write activity in the
        # matched databases, not only on DDL. Treat it as a coarse "production
        # database is being modified" signal and pair it with DDL audit logging
        # (e.g. an event trigger or log_statement = 'ddl') for true schema changes.
        expr: changes(pg_stat_database_xact_commit{datname=~"production.*"}[5m]) > 0
        for: 1m
        labels:
          severity: critical
        annotations:
          summary: "Database schema change detected"
          description: "Schema change detected in production database {{ $labels.datname }}"
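The metric-based rules above tell you that something changed; the audit-trail half of the control needs who changed what and when. The following added example (not part of the original page or any project's code) shows the complementary approach: reading Kubernetes API-server audit events in the audit.k8s.io/v1 JSON-lines format, selecting successful mutating requests against watched resources in the production namespace, turning them into alert records, and chaining the stored records with SHA-256 so that a deleted or edited entry is detectable at audit time. The sample audit lines, the watched-resource list and the namespace name are constructed assumptions.

```python
# Added example: production-change detection and tamper-evident audit trail
# from Kubernetes audit events. Sample events below are constructed.
import hashlib
import json

# Kubernetes audit "verb" values that mutate cluster state.
MUTATING_VERBS = {"create", "update", "patch", "delete", "deletecollection"}
# Resources whose mutation counts as a production change for this control (assumed list).
WATCHED_RESOURCES = {"deployments", "statefulsets", "daemonsets", "configmaps", "secrets"}
PRODUCTION_NAMESPACES = {"production"}  # assumed namespace name

# Constructed sample audit log, one audit.k8s.io/v1 Event per line.
# Includes a read, a staging change, an in-flight stage, a denied request and a malformed line.
SAMPLE_AUDIT_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"alice@example.com"},"objectRef":{"resource":"deployments","namespace":"production","name":"api"},"requestReceivedTimestamp":"2024-05-01T10:00:00.000000Z","responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"patch","user":{"username":"alice@example.com"},"objectRef":{"resource":"deployments","namespace":"production","name":"api"},"requestReceivedTimestamp":"2024-05-01T10:01:00.000000Z","responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"patch","user":{"username":"bob@example.com"},"objectRef":{"resource":"deployments","namespace":"staging","name":"api"},"requestReceivedTimestamp":"2024-05-01T10:02:00.000000Z","responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseStarted","verb":"update","user":{"username":"ci-bot"},"objectRef":{"resource":"secrets","namespace":"production","name":"db-creds"},"requestReceivedTimestamp":"2024-05-01T10:03:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"update","user":{"username":"ci-bot"},"objectRef":{"resource":"secrets","namespace":"production","name":"db-creds"},"requestReceivedTimestamp":"2024-05-01T10:03:00.100000Z","responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"delete","user":{"username":"ci-bot"},"objectRef":{"resource":"configmaps","namespace":"production","name":"feature-flags"},"requestReceivedTimestamp":"2024-05-01T10:04:00.000000Z","responseStatus":{"code":200}}
not json at all
"""


def parse_events(text):
    """Parse JSON-lines audit output. Returns (events, malformed_line_count);
    malformed lines are counted rather than silently dropped so a gap in the
    trail is visible to whoever reviews it."""
    events, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            malformed += 1
    return events, malformed


def is_production_change(event):
    """True for a completed, successful, mutating request against a watched
    resource in a production namespace. Denied attempts (4xx) are excluded here
    because they did not change production; they belong to access monitoring."""
    if event.get("stage") != "ResponseComplete":
        return False
    if event.get("verb") not in MUTATING_VERBS:
        return False
    ref = event.get("objectRef") or {}
    if ref.get("namespace") not in PRODUCTION_NAMESPACES:
        return False
    if ref.get("resource") not in WATCHED_RESOURCES:
        return False
    code = (event.get("responseStatus") or {}).get("code", 0)
    return 200 <= code < 300


def build_alerts(events):
    """Reduce qualifying events to the who/what/when records an on-call
    engineer and an auditor both need."""
    alerts = []
    for event in events:
        if not is_production_change(event):
            continue
        ref = event["objectRef"]
        alerts.append({
            "time": event["requestReceivedTimestamp"],
            "actor": (event.get("user") or {}).get("username", "<unknown>"),
            "action": event["verb"],
            "target": f"{ref['namespace']}/{ref['resource']}/{ref['name']}",
        })
    return alerts


GENESIS = "0" * 64  # fixed anchor for the first link in the chain


def chain_digest(records, previous=GENESIS):
    """Link each record to its predecessor with SHA-256 over the canonical JSON
    form, so editing or removing any record changes every later digest."""
    digests = []
    for record in records:
        payload = previous + json.dumps(record, sort_keys=True)
        previous = hashlib.sha256(payload.encode("utf-8")).hexdigest()
        digests.append(previous)
    return digests


def verify_chain(records, digests, previous=GENESIS):
    """Recompute the chain and compare against the stored digests."""
    return chain_digest(records, previous) == digests


if __name__ == "__main__":
    evts, bad = parse_events(SAMPLE_AUDIT_LOG)
    found = build_alerts(evts)
    for a, d in zip(found, chain_digest(found)):
        print(f"{a['time']} {a['actor']} {a['action']} {a['target']} digest={d[:12]}")
    print(f"{len(found)} production change(s), {bad} malformed line(s) skipped")
```

Stored digests should live somewhere the producers of the audit log cannot write to (a separate log account or a write-once bucket); the chain only proves integrity relative to whatever digest you trust as the starting point.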