
Quick Start Security for Amazon Athena


Coralogix Extension For Amazon Athena Includes:

Alerts - 7

Stay on top of Amazon Athena key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Start query execution by a new user

This alert detects query execution by a new user in Amazon Athena. Query execution involves sending a question or request to a database, which then processes the query and provides relevant information as results.

Impact: This alert indicates the initiation of a query execution by a new user in Amazon Athena. The query execution may be a legitimate action performed by the user or could involve unfamiliar query activity that needs further investigation to determine its intent and potential impact.

Mitigation: Validate that the action was approved, investigate further if not.

MITRE Tactic: TA0007
MITRE Technique: T1078

Query result access by a new user

This rule detects access to query results by a new user.

Impact: This alert indicates that a new user has accessed query results in Amazon Athena. While this could be for valid data analysis purposes, it's important to verify that the user's actions are authorized and do not involve any unauthorized data access or misuse.

Mitigation: Validate that the action was approved, investigate further if not.

MITRE Tactic: TA0007
MITRE Technique: T1078

Data catalog deletion detected

This rule detects deletion of a data catalog. The Athena Data Catalog is a central repository that stores metadata information about the data sources, tables, and partitions used for querying in Amazon Athena. It helps organize and manage data assets, enabling efficient querying and analysis of data stored in various formats and locations.

Impact: This alert indicates potential risks to data availability, query performance, and metadata integrity within Amazon Athena, as the deletion of data catalogs could lead to disrupted data access and compromised query functionality.

Mitigation: Validate that the action was approved, investigate further if not.

MITRE Tactic: TA0040
MITRE Technique: T1485

More than 10 failed access attempts in 5 minutes to data catalog

This rule detects more than 10 failed access attempts by a single user within a 5-minute period to the AWS Data Catalog. The Athena Data Catalog is a central repository that stores metadata information about the data sources, tables, and partitions used for querying in Amazon Athena. It helps organize and manage data assets, enabling efficient querying and analysis of data stored in various formats and locations.

Impact: This alert can indicate potential brute force or unauthorized access attempts.

Mitigation: Investigate the cause of the increased failed access attempts, ensure proper access controls are in place, and consider implementing strong authentication mechanisms such as IAM to prevent brute force or unauthorized access attempts.

MITRE Tactic: TA0001
MITRE Technique: T1110

More than 10 failed access attempts in 5 minutes to workgroups

This rule detects more than 10 failed access attempts by a single user within a 5-minute interval to workgroups. Athena workgroups are logical isolation units that help manage query execution resources, access control, and query history for different groups of users or applications in AWS Athena.

Impact: This alert can indicate potential brute force or unauthorized access attempts.

Mitigation: Investigate the cause of the increased failed access attempts, ensure proper access controls are in place, and consider implementing strong authentication mechanisms such as IAM to prevent brute force or unauthorized access attempts.

MITRE Tactic: TA0001
MITRE Technique: T1110

Unauthorized query execution

This rule detects an attempt to execute an unauthorized query in Amazon Athena.

Impact: Unauthorized query execution could lead to unauthorized access to sensitive data, data leakage, or potential disruptions in query performance and resource utilization.

Mitigation: Validate that the action was approved, investigate further if not.

MITRE Tactic: TA0006
MITRE Technique: T1562

Excessive data catalog deletion detected

This alert triggers when a single user attempts more than 10 deletions within a 5-minute interval in the AWS Data Catalog. The Athena Data Catalog is a central repository that stores metadata information about the data sources, tables, and partitions used for querying in Amazon Athena. It helps organize and manage data assets, enabling efficient querying and analysis of data stored in various formats and locations.

Impact: This alert indicates an abnormal pattern of excessive data catalog deletions, which can potentially disrupt data management operations, cause loss of important metadata, and may suggest unauthorized or malicious activity.

Mitigation: Investigate the reason for the high volume of data catalog deletions, ensure proper access controls and permissions are in place, and promptly address any unauthorized activities or misconfigurations.

MITRE Tactic: TA0040
MITRE Technique: T1485
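The three threshold rules above (failed data catalog access, failed workgroup access, and excessive catalog deletion) share one detection shape: count matching events per user inside a sliding 5-minute window and fire when the count exceeds 10. The Python below is an added illustration of that logic over constructed CloudTrail-style Athena records; it is not Coralogix's rule implementation. The CloudTrail field names (eventTime, eventSource, eventName, errorCode, userIdentity.arn) are the real schema, while the Athena API operation names grouped under each rule are an assumption about each rule's scope, which the page does not specify.

```python
from collections import deque
from datetime import datetime, timedelta


def _ev(t, name, user, error=None):
    """Build one constructed CloudTrail-style Athena record (sample data, not real logs)."""
    ev = {"eventTime": t, "eventSource": "athena.amazonaws.com", "eventName": name,
          "userIdentity": {"arn": f"arn:aws:iam::111111111111:user/{user}"}}
    if error:
        ev["errorCode"] = error          # CloudTrail sets errorCode only on failed calls
    return ev


# Constructed sample: one bursty denied user, one single denial, one slow deleter, one fast deleter.
SAMPLE_EVENTS = (
    [_ev(f"2024-05-01T10:00:{s:02d}Z", "GetDataCatalog", "analyst-a", "AccessDenied") for s in range(0, 55, 5)]
    + [_ev("2024-05-01T10:01:00Z", "GetWorkGroup", "analyst-b", "AccessDenied")]
    + [_ev(f"2024-05-01T11:{m:02d}:00Z", "DeleteDataCatalog", "admin-c") for m in range(11)]
    + [_ev(f"2024-05-01T12:00:{s:02d}Z", "DeleteDataCatalog", "admin-d") for s in range(0, 55, 5)]
)

# Assumed operation sets for the catalog and workgroup rules (the page names no specific calls).
CATALOG_OPS = {"GetDataCatalog", "ListDataCatalogs", "GetDatabase", "GetTableMetadata"}
WORKGROUP_OPS = {"GetWorkGroup", "ListWorkGroups", "UpdateWorkGroup"}


def burst_offenders(events, ops, failed_only, threshold=10, window=timedelta(minutes=5)):
    """Return user ARNs with more than `threshold` matching events inside any sliding
    `window`: the page's 'more than 10 attempts by a single user in 5 minutes' rules."""
    per_user = {}
    for ev in events:
        if ev.get("eventSource") != "athena.amazonaws.com" or ev["eventName"] not in ops:
            continue
        if failed_only and "errorCode" not in ev:        # successful call, not a failed access
            continue
        if not failed_only and "errorCode" in ev:        # denied deletion did not delete anything
            continue
        ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        per_user.setdefault(ev["userIdentity"]["arn"], []).append(ts)
    offenders = set()
    for user, times in per_user.items():
        recent = deque()
        for ts in sorted(times):
            recent.append(ts)
            while ts - recent[0] > window:               # evict events older than the window
                recent.popleft()
            if len(recent) > threshold:
                offenders.add(user)
                break
    return offenders
```

Note that admin-c's eleven deletions spread over ten minutes never exceed the threshold inside any one 5-minute window, so only admin-d's burst fires the deletion rule.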

Integration

Learn more about Coralogix's out-of-the-box integration with Amazon Athena in our documentation.
