Managing security and compliance with Event Streams
Event Streams is integrated with the Security and Compliance Center to help you manage security and compliance for your organization.
With the Security and Compliance Center, you can do the following:
- Monitor for controls and goals that pertain to Event Streams.
- Define rules for Event Streams that can help to standardize resource configuration.
Security and Compliance Center is only applicable to the Enterprise plan.
Monitoring security and compliance posture with Event Streams
As a security or compliance focal, use the Event Streams goals to help ensure that your organization is adhering to the external and internal standards for your industry. By using the Security and Compliance Center to validate the resource configurations in your account against a profile, you can identify potential issues as they arise.
All of the goals for Event Streams are added to the IBM Cloud Control Library but can also be mapped to other profiles.
To start monitoring your resources, check out Getting started with Security and Compliance Center.
Available goals for Event Streams
- Check whether Event Streams is accessible through public endpoints.
- Check whether Event Streams is accessible only by using private endpoints.
- Check whether Event Streams network access is restricted to a specific IP range.
- Check whether Event Streams is enabled with customer-managed encryption and Keep Your Own Key (KYOK).
Governing Event Streams resource configuration
As a security or compliance focal, use the Security and Compliance Center to define configuration rules for the instances of Event Streams that you create.
Config rules are used to enforce the configuration standards that you want to implement across your accounts. A config rule is a JSON document that defines the configuration of resources and validates the compliance based on security requirements when a resource is created or modified. To learn more about the data that you can use to create a rule for Event Streams, review the following table.
Resource type | Property | Operator | Value | Description |
---|---|---|---|---|
Instance | public_network_enabled | is_true, is_false | | Indicates whether access to an Event Streams instance is allowed through a public network. |
Instance | private_network_enabled | is_true, is_false | | Indicates whether access to an Event Streams instance is allowed through a private network. |
Instance | private_access_allowlist | ips_in_range | | If private networking is enabled, this property indicates whether access to an Event Streams instance should be restricted to a specific range of private IP CIDR formatted subnets. |
To learn more about defining config rules, check out Defining custom rules.
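
The following Python example is added here for illustration and is not IBM's code or the Security and Compliance Center rule schema. It evaluates the three properties and operators from the table above against an instance configuration, which is useful as a local pre-check before an instance is created. The rule layout, the `ips_in_range` semantics (every allowlisted CIDR must fall inside an approved range), and all sample values are assumptions constructed for this example.

```python
import ipaddress

# Constructed rule. Property and operator names come from the table above; the
# list-of-dicts layout is an assumption, not the Security and Compliance Center schema.
RULE = [
    {"property": "public_network_enabled", "operator": "is_false"},
    {"property": "private_network_enabled", "operator": "is_true"},
    {"property": "private_access_allowlist", "operator": "ips_in_range",
     "value": ["10.240.0.0/16"]},  # constructed approved private range
]

def cidrs_in_range(allowlist, approved):
    """Assumed ips_in_range semantics: every allowlisted CIDR sits inside an approved range."""
    if not allowlist:
        return False  # an empty or missing allowlist restricts nothing
    approved_nets = [ipaddress.ip_network(a) for a in approved]
    for entry in allowlist:
        try:
            net = ipaddress.ip_network(entry, strict=True)  # rejects host bits, e.g. 10.0.0.5/24
        except ValueError:
            return False
        if not any(net.version == a.version and net.subnet_of(a) for a in approved_nets):
            return False
    return True

def evaluate(instance, rule=RULE):
    """Return the properties of an instance configuration that violate the rule."""
    failed = []
    for cond in rule:
        actual, op = instance.get(cond["property"]), cond["operator"]
        if op == "is_true":
            ok = actual is True
        elif op == "is_false":
            ok = actual is False
        elif op == "ips_in_range":
            ok = cidrs_in_range(actual, cond["value"])
        else:
            raise ValueError(f"unsupported operator: {op}")
        if not ok:
            failed.append(cond["property"])
    return failed

# Constructed instance configurations.
compliant = {"public_network_enabled": False, "private_network_enabled": True,
             "private_access_allowlist": ["10.240.8.0/24", "10.240.64.0/18"]}
drifted = {"public_network_enabled": True, "private_network_enabled": True,
           "private_access_allowlist": ["10.240.8.0/24", "192.168.0.0/24"]}

if __name__ == "__main__":
    print("compliant:", evaluate(compliant))
    print("drifted:  ", evaluate(drifted))
```

Treating an empty allowlist or a malformed CIDR as a failure keeps the check fail-closed, so a misconfigured instance is flagged rather than silently passed.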