This rule monitors for the deletion of an identity pool. Impact Deletion of an identity pool could lead to unintended data loss or to access denial for users, loss of authentication capabilities, and disruption to application functionality that relies on Amazon Cognito's identity pool. Mitigation Verify that the deletion was authorized and investigate further if not. MITRE Tactic: TA0040 MITRE Technique: T1485

This rule monitors the update of an identity pool. Impact This alert indicates potential modifications to an Amazon Cognito identity pool, which could have implications for user authentication, data security, and overall application behavior. These changes may result in user access problems and potential security vulnerabilities if not adequately monitored and managed. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0005 MITRE Technique: T1098

This rule monitors the update of an user pool. Impact This alert signifies potential changes made to an Amazon Cognito user pool, which could impact user authentication, data security, and application behavior. It may lead to user access issues, and potential security vulnerabilities if not properly monitored and controlled. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0005 MITRE Technique: T1098

This rule monitors for the deletion of a group. Impact The deletion of a user group within Amazon Cognito can disrupt access management, cause loss of permissions and roles associated with the group, and potentially lead to issues in user authentication and authorization processes. Mitigation Verify that the deletion was authorized and investigate further if not. MITRE Tactic: TA0040 MITRE Technique: T1485

This rule monitors for the deletion of an user pool. Impact The deletion of a user pool in Amazon Cognito could potentially lead to the compromise of user accounts and sensitive user data, loss of access to critical application features, and disruption of user experiences, posing risks to data privacy and application security. Mitigation Verify that the deletion was authorized and investigate further if not. MITRE Tactic: TA0040 MITRE Technique: T1485

This alert triggers when a single user attempts more than 10 user pool creations within a 5-minute interval. Impact This alert could potentially indicate misconfigurations, operational issues, or security risks within the Amazon Cognito environment. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0007 MITRE Technique: T1082

This alert triggers when a single user attempts more than 10 group creations within a 5-minute interval. Impact This alert could potentially indicate misconfigurations, operational issues, or security risks within the Amazon Cognito environment. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0007 MITRE Technique: T1082