Quick Start Security for Akeyless
Coralogix Extension For Akeyless Includes:
Alerts - 22
Stay on top of Akeyless key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Attempt of Retrieving a non existing Secret
This alert triggers on an attempt to retrieve a non-existing secret from Akeyless. An attempt was made to retrieve a non-existing secret in the Akeyless system. This could indicate probing or reconnaissance activity aimed at identifying potential vulnerabilities or misconfigurations in the system.
Impact:
Monitoring and Logging: Ensure comprehensive logging of all access attempts to secrets, including failed attempts. This helps in detecting unusual or malicious activities early.
Access Controls: Implement strict access controls to secrets based on the principle of least privilege. Ensure that only authorized entities have access to secrets and that access is granted on a need-to-know basis.
Mitigation: Improve error handling mechanisms to avoid leaking information about the existence or non-existence of secrets through error messages or API responses.
Mitre tactic: TA0006
Mitre technique: T1012
Excessive Secret Retrieval
Akeyless has detected excessive secret retrievals from the system. This may indicate unauthorized access attempts or a potential compromise of access credentials.
Impact: Excessive secret retrievals can lead to the exposure of sensitive information such as passwords, API keys, or cryptographic keys, compromising the confidentiality and integrity of systems and data. Continuous retrieval attempts can overload the secret management infrastructure, leading to operational disruptions and denial of service for legitimate requests.
Mitigation: Implement robust logging and monitoring of secret retrieval activities. Use anomaly detection techniques to identify patterns indicative of excessive retrievals. Regularly rotate and invalidate compromised or excessively accessed credentials to limit the impact of potential exposures.
Mitre tactic: TA0006
Mitre technique: T1021
Secret Deleted
Akeyless has detected a secret deletion event from the system. This indicates that a sensitive piece of information, such as a password, API key, or cryptographic key, has been intentionally removed from the secret management repository.
Impact: Depending on the importance of the deleted secret, its removal can disrupt operations that rely on it for authentication, encryption, or other critical functions. Deletion of secrets may compromise data integrity if applications or services can no longer access necessary resources securely. Unauthorized deletion could signal a security incident, potentially involving insider threats or compromised credentials.
Mitigation: Logging and Auditing: Maintain comprehensive logs of all secret management activities, including creation, modification, and deletion events. Regularly review these logs to detect unauthorized or suspicious activities promptly.
Mitre tactic: TA0006
Mitre technique: T1012
Invalid Response Code
This alert will trigger when an Akeyless action with a response code other than 100-399 is logged. Akeyless has detected an invalid response code from a secret retrieval request. This alert indicates that a request for a secret, such as a password, API key, or cryptographic key, did not receive the expected response code, possibly due to a misconfiguration, system issue, or a potential security incident.
Impact:
Operational Disruption: Invalid response codes can disrupt applications or services that rely on secrets for authentication or encryption. This disruption may lead to service downtime or degraded performance.
Security Risk: Unexpected response codes could indicate attempts to exploit vulnerabilities in secret management systems, such as injection attacks or unauthorized access attempts.
Mitigation: Implement robust error handling mechanisms to capture and log all response codes and errors encountered during secret retrieval attempts. Analyze these logs regularly to detect anomalies or patterns indicative of potential security incidents.
Mitre tactic: TA0006
Mitre technique: T1012
Failed Authentication
This alert will trigger when a failed authentication event occurs (response code 401). This alert indicates that an entity, such as a user or application, has unsuccessfully attempted to authenticate to access secrets managed by Akeyless.
Impact: Multiple failed authentication attempts could indicate brute-force attacks or unauthorized access attempts by malicious actors attempting to gain access to sensitive secrets. If authentication attempts involve exposed credentials (e.g., API keys or passwords), repeated failures could potentially lead to credential compromise or account lockouts.
Mitigation: Implement strong authentication mechanisms, such as multi-factor authentication (MFA), for accessing secrets managed by Akeyless. MFA adds an additional layer of security by requiring multiple forms of verification.
Mitre tactic: TA0006
Mitre technique: T1012
Item Dissociated with a Target
This alert indicates that there has been a change in the association between a specific item and the entity or resource it was intended to secure or manage.
Impact: Dissociation of items from their intended targets can lead to access control issues, potentially allowing unauthorized entities or applications to gain access to sensitive information. If dissociation is unauthorized or unintended, it may indicate a configuration error, a mismanaged change, or potentially malicious activity aimed at compromising system integrity or data confidentiality.
Mitigation: Implement comprehensive auditing and monitoring of all item associations and dissociations within Akeyless. Regularly review audit logs to detect unauthorized changes or anomalies in item-target relationships.
Mitre tactic: TA0006
Mitre technique: T1012
Item Associated with a Target
This alert indicates that there has been a change in the association between a specific item and the entity or resource it was intended to secure or manage.
Impact: Dissociation of items from their intended targets can lead to access control issues, potentially allowing unauthorized entities or applications to gain access to sensitive information. If dissociation is unauthorized or unintended, it may indicate a configuration error, a mismanaged change, or potentially malicious activity aimed at compromising system integrity or data confidentiality.
Mitigation: Implement comprehensive auditing and monitoring of all item associations and dissociations within Akeyless. Regularly review audit logs to detect unauthorized changes or anomalies in item-target relationships.
Mitre tactic: TA0006
Mitre technique: T1012
Multiple Targets Deleted
The alert "Akeyless - Multiple Targets Deleted" typically indicates that multiple targets (such as encryption keys, secrets, or other sensitive data) have been deleted within the Akeyless system. Here’s how you can understand its impact and mitigate any potential risks:
Impact: The deletion of multiple targets could lead to significant data loss, especially if these targets were critical for encryption, authentication, or access control. If the deletion was unauthorized or accidental, it may indicate a security breach or a misconfiguration that allowed unauthorized access.
Mitigation: Immediately investigate the cause and extent of the deletions. Determine if it was intentional, accidental, or due to a system malfunction. If there is ongoing unauthorized activity, contain the incident by disabling further deletions and securing the affected systems.
Mitre tactic: TA0006
Mitre technique: T1012
Target Deleted
The alert "Akeyless - Targets Deleted" typically indicates that multiple targets (such as encryption keys, secrets, or other sensitive data) have been deleted within the Akeyless system. Here’s how you can understand its impact and mitigate any potential risks:
Impact: The deletion of targets could lead to significant data loss, especially if these targets were critical for encryption, authentication, or access control. If the deletion was unauthorized or accidental, it may indicate a security breach or a misconfiguration that allowed unauthorized access.
Mitigation: Immediately investigate the cause and extent of the deletions. Determine if it was intentional, accidental, or due to a system malfunction. If there is ongoing unauthorized activity, contain the incident by disabling further deletions and securing the affected systems.
Mitre tactic: TA0006
Mitre technique: T1012
Target Updated
The alert "Akeyless - Targets Updated" typically indicates that multiple targets (such as encryption keys, secrets, or other sensitive data) have been updated within the Akeyless system. Here’s how you can understand its impact and mitigate any potential risks:
Impact: The update of targets could lead to significant data loss, especially if these targets were critical for encryption, authentication, or access control. If the update was unauthorized or accidental, it may indicate a security breach or a misconfiguration that allowed unauthorized access.
Mitigation: Immediately investigate the cause and extent of the update. Determine if it was intentional, accidental, or due to a system malfunction. If there is ongoing unauthorized activity, contain the incident by disabling further updates and securing the affected systems.
Mitre tactic: TA0006
Mitre technique: T1012
Bulk Transfer of Items Detected
The alert "Akeyless - Bulk transfer of items detected" typically indicates that a significant number of items (such as encryption keys, secrets, or other sensitive data) have been transferred within the Akeyless system. Here’s how you can understand its impact and mitigate any potential risks:
Impact: The bulk transfer of items could lead to sensitive data being exposed to unauthorized parties if the transfer was not authorized or secure. Unauthorized bulk transfers may indicate a security breach where an attacker has gained access to sensitive information and is attempting to exfiltrate it.
Mitigation: Immediately investigate the cause and scope of the bulk transfer. Determine if it was authorized or if it indicates unauthorized access.
Mitre tactic: TA0006
Mitre technique: T1012
Deleted Role Association With Authentication Method
The alert "Akeyless - Deleted Role Association With Authentication Method" indicates that the association between a role and an authentication method within the Akeyless system has been deleted. Here’s how you can understand its impact and mitigate any potential risks:
Impact: The deletion of the role association with an authentication method can lead to access control issues. Users assigned to that role may no longer be able to authenticate properly, affecting their ability to access sensitive resources. If the deletion was unauthorized or accidental, it may indicate a security vulnerability where roles and associated authentication methods can be manipulated without proper authorization.
Mitigation: Immediately investigate the cause of the deleted role association. Determine if it was intentional, accidental, or due to a system malfunction.
Mitre tactic: TA0006
Mitre technique: T1012
Role Associated With Authentication Method
The alert "Akeyless - Role Association With Authentication Method" indicates that the association between a role and an authentication method within the Akeyless system has been created. Here’s how you can understand its impact and mitigate any potential risks:
Impact: The role association with an authentication method can lead to access control issues. Users assigned to that role may no longer be able to authenticate properly, affecting their ability to access sensitive resources. If the creation was unauthorized or accidental, it may indicate a security vulnerability where roles and associated authentication methods can be manipulated without proper authorization.
Mitigation: Immediately investigate the cause of the role association. Determine if it was intentional, accidental, or due to a system malfunction.
Mitre tactic: TA0006
Mitre technique: T1012
Authentication Methods Deleted
The alert "Akeyless - Authentication Methods Deleted" indicates that one or more authentication methods within the Akeyless system have been deleted. Here’s how you can understand its impact and mitigate any potential risks:
Impact: The deletion of authentication methods can lead to access disruptions for users and systems that rely on those methods for authentication. This can prevent users from accessing critical resources and services. Unauthorized or accidental deletion of authentication methods can create security vulnerabilities. It may allow unauthorized access if the deleted method was used for authenticating sensitive operations or data access.
Mitigation: Immediately investigate the cause and extent of the deleted authentication methods. Determine if it was intentional, accidental, or due to a security breach.
Mitre tactic: TA0006
Mitre technique: T1012
Authentication Method Created
The alert "Akeyless - Authentication Methods created" indicates that one or more authentication methods within the Akeyless system have been created. Here’s how you can understand its impact and mitigate any potential risks:
Impact: The creation of authentication methods can lead to access disruptions for users and systems that rely on those methods for authentication. This can prevent users from accessing critical resources and services. Unauthorized or accidental creation of authentication methods can create security vulnerabilities. It may allow unauthorized access if the created method was used for authenticating sensitive operations or data access.
Mitigation: Immediately investigate the cause and extent of the created authentication methods. Determine if it was intentional, accidental, or due to a security breach.
Mitre tactic: TA0006
Mitre technique: T1012
Multiple Failed Authentication Detected
The alert "Akeyless - Multiple Failed Authentication Detected" indicates that one or more authentication methods within the Akeyless system have been deleted. Here’s how you can understand its impact and mitigate any potential risks:
Impact: The deletion of authentication methods can lead to access disruptions for users and systems that rely on those methods for authentication. This can prevent users from accessing critical resources and services. Unauthorized or accidental deletion of authentication methods can create security vulnerabilities. It may allow unauthorized access if the deleted method was used for authenticating sensitive operations or data access.
Mitigation: Immediately investigate the cause and extent of the deleted authentication methods. Determine if it was intentional, accidental, or due to a security breach.
Mitre tactic: TA0006
Mitre technique: T1012
Multiple Roles Deleted
The alert "Akeyless - Multiple Roles Deleted" indicates that multiple roles within the Akeyless system have been deleted. Here’s how you can understand its impact and mitigate any potential risks associated with this incident:
Impact: The deletion of multiple roles can lead to significant access disruptions across your organization. Users assigned to these roles may lose access to critical resources, systems, or data they need to perform their tasks. Depending on the roles deleted, sensitive data and resources may be left unprotected or accessible to unauthorized users. This can pose a serious security risk if roles with access to sensitive information were deleted.
Mitigation: Investigate: Immediately investigate the cause and scope of the deleted roles. Determine if the deletion was intentional, accidental, or due to unauthorized access.
Mitre tactic: TA0006
Mitre technique: T1012
Role Deleted
The alert "Akeyless - Roles Deleted" indicates that roles within the Akeyless system have been deleted. Here’s how you can understand its impact and mitigate any potential risks associated with this incident:
Impact: The deletion of a role can lead to significant access disruptions across your organization. Users assigned to these roles may lose access to critical resources, systems, or data they need to perform their tasks. Depending on the roles deleted, sensitive data and resources may be left unprotected or accessible to unauthorized users. This can pose a serious security risk if roles with access to sensitive information were deleted.
Mitigation: Investigate: Immediately investigate the cause and scope of the deleted roles. Determine if the deletion was intentional, accidental, or due to unauthorized access.
Mitre tactic: TA0006
Mitre technique: T1012
Role Created
The alert "Akeyless - Roles created" indicates that roles within the Akeyless system have been created.
Impact: The creation of a role can lead to significant access disruptions across your organization. Users assigned to these roles may lose access to critical resources, systems, or data they need to perform their tasks. Depending on the roles created, sensitive data and resources may be left unprotected or accessible to unauthorized users. This can pose a serious security risk if roles with access to sensitive information were deleted.
Mitigation: Investigate: Immediately investigate the cause and scope of the created roles. Determine if the creation was intentional, accidental, or due to unauthorized access.
Mitre tactic: TA0006
Mitre technique: T1012
Role Updated
The alert "Akeyless - Roles updated" indicates that roles within the Akeyless system have been created.
Impact: The update of a role can lead to significant access disruptions across your organization. Users assigned to these roles may lose access to critical resources, systems, or data they need to perform their tasks. Depending on the roles updated, sensitive data and resources may be left unprotected or accessible to unauthorized users. This can pose a serious security risk if roles with access to sensitive information were deleted.
Mitigation: Investigate: Immediately investigate the cause and scope of the updated roles. Determine if the update was intentional, accidental, or due to unauthorized access.
Mitre tactic: TA0006
Mitre technique: T1012
Secret Exported/Shared
The alert "Akeyless - Secret Exported/Shared" indicates that a secret or sensitive information managed by Akeyless has been exported or shared outside of the authorized channels or recipients. Here’s how you can understand its impact and mitigate any potential risks associated with this incident:
Impact: The export or sharing of secrets can lead to sensitive information being exposed to unauthorized individuals or systems. This can compromise the confidentiality of the data.
Mitigation: Immediately investigate the circumstances surrounding the export or sharing of the secret. Determine if it was authorized or if it indicates unauthorized access.
Mitre tactic: TA0006
Mitre technique: T1012
Console Activity Detected
This alert will trigger when Akeyless console activity is detected. The alert "Akeyless - Console Activity Detected" typically indicates that there has been activity or interaction within the Akeyless management console that warrants attention.
Impact: Console activity alerts may indicate unauthorized access or actions within the Akeyless system. This could potentially lead to data breaches, unauthorized changes, or misuse of sensitive information.
Mitigation: Investigate: Immediately investigate the console activity that triggered the alert. Determine the nature and intent of the activity, whether it was authorized or unauthorized.
Mitre tactic: TA0006
Mitre technique: T1012
Integration
Learn more about Coralogix's out-of-the-box integration with Akeyless in our documentation.