This event detects a network gateway change.
Why this Event is Important
A network gateway is the entry point into the AWS environment. Most of the time this can be benign and as a part of a scheduled change. Sometimes, however, this may indicate a DOS (Denial Of Service) or DDOS (Distributed Denial Of Service) where an attacker might try to forward the network traffic to a malicious gateway, causing loss of availability.
Analyze the logs to look for any unauthorized gateways. If you have any WAFs (Web Application Firewalls), review the rules and modify the ones that increase exposure.
Ensure that all allowed gateways are documented and that these changes are made by authorized personnel.