Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Quick Start Security for Amazon Athena

Amazon Athena
Amazon Athena icon

Out-of-the-Box Security For Amazon Athena Includes:

Alerts - 7

Stay on top of Amazon Athena key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Start query execution by a new user

This alert detects query execution by a new user in Amazon Athena. Query execution involves sending a question or request to a database, which then processes the query and provides relevant information as results. Impact This alert indicates the initiation of a query execution by a new user in Amazon Athena. The query execution may be a legitimate action performed by the user or could involve unfamiliar query activity that needs further investigation to determine its intent and potential impact. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0007 MITRE Technique: T1078

Query result access by a new user

This rule detects access to query results by a new user. Impact This alert indicates that a new user has accessed query results in Amazon Athena. While this could be for valid data analysis purposes, it's important to verify that the user's actions are authorized and not involving any unauthorized data access or misuse. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0007 MITRE Technique: T1078

Data catalog deletion detected

This rule detects deletion of a data catalog. The Athena Data Catalog is a central repository that stores metadata information about the data sources, tables, and partitions used for querying in Amazon Athena. It helps organize and manage data assets, enabling efficient querying and analysis of data stored in various formats and locations. Impact This alert indicates potential risks to data availability, query performance, and metadata integrity within Amazon Athena, as the deletion of data catalogs could lead to disrupted data access and compromised query functionality. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic:TA0040 MITRE Technique:T1485

More than 10 failed access attempts in 5 minutes to data catalog

This rule detects more than 10 failed access attempts by a single user within a 5 minute period to the AWS Data Catalog. The Athena Data Catalog is a central repository that stores metadata information about the data sources, tables, and partitions used for querying in Amazon Athena. It helps organize and manage data assets, enabling efficient querying and analysis of data stored in various formats and locations. Impact This alert can indicate potential brute force or unauthorized access attempts. Mitigation Investigate the cause of the increased failed access attempts, ensure proper access controls are in place, and consider implementing strong authentication mechanisms such as IAM to prevent brute force or unauthorized access attempts. MITRE Tactic: TA0001 MITRE Technique: T1110

More than 10 failed access attempts in 5 minutes to workgroups

This rule detects more than 10 failed access attempts by a single user in 5 minutes interval for work groups. Athena workgroups are logical isolation units that help manage query execution resources, access control, and query history for different groups of users or applications in AWS Athena.n Impact This alert can indicate potential brute force or unauthorized access attempts. Mitigation Investigate the cause of the increased failed access attempts, ensure proper access controls are in place, and consider implementing strong authentication mechanisms such as IAM to prevent brute force or unauthorized access attempts. MITRE Tactic: TA0001 MITRE Technique: T1110

Unauthorized query execution

This rule detects attempt to execute unauthorized query in Amazon Athena. Impact Unauthorized query execution could lead to unauthorized access to sensitive data, data leakage, or potential disruptions in query performance and resource utilization. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0006 MITRE Technique: T1562

Excessive data catalog deletion detected

This alert triggers when a single user attempts more than 10 deletions within a 5-minute interval in the AWS Data Catalog. The Athena Data Catalog is a central repository that stores metadata information about the data sources, tables, and partitions used for querying in Amazon Athena. It helps organize and manage data assets, enabling efficient querying and analysis of data stored in various formats and locations. impact This alert indicates an abnormal pattern of excessive data catalog deletions, which can potentially disrupt data management operations, cause loss of important metadata, and may suggest unauthorized or malicious activity. Mitigation Investigate the reason for the high volume of data catalog deletion, ensure proper access controls and permissions are in place, and promptly address any unauthorized activities or misconfigurations. MITRE Tactic: TA0040 MITRE Technique: T1485

Documentation

Learn more about Coralogix's out-of-the-box integration with Amazon Athena in our documentation.

Read More
Schedule Demo