Quick Start Security for Amazon Athena
Thank you!
We got your information.
Coralogix Extension For Amazon Athena Includes:
Alerts - 6
Stay on top of Amazon Athena key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Start query execution by a new user
This alert detects query execution by a new user in Amazon Athena. Query execution involves sending a question or request to a database, which then processes the query and provides relevant information as results. Impact This alert indicates the initiation of a query execution by a new user in Amazon Athena. The query execution may be a legitimate action performed by the user or could involve unfamiliar query activity that needs further investigation to determine its intent and potential impact. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0007 MITRE Technique: T1078
Query result access by a new user
This rule detects access to query results by a new user. Impact This alert indicates that a new user has accessed query results in Amazon Athena. While this could be for valid data analysis purposes, it's important to verify that the user's actions are authorized and not involving any unauthorized data access or misuse. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0007 MITRE Technique: T1078
Data catalog deletion detected
This rule detects deletion of a data catalog. The Athena Data Catalog is a central repository that stores metadata information about the data sources, tables, and partitions used for querying in Amazon Athena. It helps organize and manage data assets, enabling efficient querying and analysis of data stored in various formats and locations. Impact This alert indicates potential risks to data availability, query performance, and metadata integrity within Amazon Athena, as the deletion of data catalogs could lead to disrupted data access and compromised query functionality. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic:TA0040 MITRE Technique:T1485
More than 10 failed access attempts in 5 minutes to data catalog
This rule detects more than 10 failed access attempts by a single user within a 5 minute period to the AWS Data Catalog. The Athena Data Catalog is a central repository that stores metadata information about the data sources, tables, and partitions used for querying in Amazon Athena. It helps organize and manage data assets, enabling efficient querying and analysis of data stored in various formats and locations. Impact This alert can indicate potential brute force or unauthorized access attempts. Mitigation Investigate the cause of the increased failed access attempts, ensure proper access controls are in place, and consider implementing strong authentication mechanisms such as IAM to prevent brute force or unauthorized access attempts. MITRE Tactic: TA0001 MITRE Technique: T1110
More than 10 failed access attempts in 5 minutes to workgroups
This rule detects more than 10 failed access attempts by a single user in 5 minutes interval for work groups. Athena workgroups are logical isolation units that help manage query execution resources, access control, and query history for different groups of users or applications in AWS Athena.n Impact This alert can indicate potential brute force or unauthorized access attempts. Mitigation Investigate the cause of the increased failed access attempts, ensure proper access controls are in place, and consider implementing strong authentication mechanisms such as IAM to prevent brute force or unauthorized access attempts. MITRE Tactic: TA0001 MITRE Technique: T1110
Excessive data catalog deletion detected
This alert triggers when a single user attempts more than 10 deletions within a 5-minute interval in the AWS Data Catalog. The Athena Data Catalog is a central repository that stores metadata information about the data sources, tables, and partitions used for querying in Amazon Athena. It helps organize and manage data assets, enabling efficient querying and analysis of data stored in various formats and locations. impact This alert indicates an abnormal pattern of excessive data catalog deletions, which can potentially disrupt data management operations, cause loss of important metadata, and may suggest unauthorized or malicious activity. Mitigation Investigate the reason for the high volume of data catalog deletion, ensure proper access controls and permissions are in place, and promptly address any unauthorized activities or misconfigurations. MITRE Tactic: TA0040 MITRE Technique: T1485
Integration
Learn more about Coralogix's out-of-the-box integration with Amazon Athena in our documentation.