Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Quick Start Security for Amazon ElastiCache

Amazon ElastiCache
Amazon ElastiCache icon

Out-of-the-Box Security For Amazon ElastiCache Includes:

Alerts - 8

Stay on top of Amazon ElastiCache key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Cache security group modification

This rule monitors the modification of a cache security group. A cache security group is a virtual firewall that controls access to Amazon ElastiCache clusters. It defines inbound and outbound network traffic rules, allowing you to specify which IP addresses or security groups can access the cache clusters and what ports they can use for communication. Impact Cache security group modifications can lead to potential unauthorized access, or changes in network connectivity, impacting cache security and availability. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0005 MITRE Technique: T1098

Cache security group deletion detected

This rule detects deletion of a cache security group. Impact This alert indicates the deletion of a cache security group in Amazon ElastiCache, potentially leading to the removal of security controls for associated cache clusters, allowing unauthorized access and security vulnerabilities. Mitigation Investigate the reason for the security group deletion, ensure proper access controls and permissions are in place, and promptly address any unauthorized activities or misconfigurations. MITRE Tactic: TA0040 MITRE Technique: T1485

Excessive cache cluster creation detected

This alert triggers when a single user attempts more than 10 cache cluster creations within a 5-minute interval. Impact This alert indicates an excessive cache cluster creations, potentially suggesting misconfigurations, operational issues, or security risks within the Amazon ElastiCache environment.n Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0007 MITRE Technique: T1082

Cache cluster modification detected

This rule monitors the update of a cache cluster. Impact Cache cluster modifications can impact cache performance, data integrity, and application availability, potentially leading to unintended consequences. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0005 MITRE Technique: T1098

Cache cluster deletion detected

This rule detects deletion of a cache cluster. Impact Cache cluster deletion can result in data loss, service disruption, and potential impact on applications reliant on the cache, affecting performance and availability. Mitigation Investigate the reason for the cache cluster deletion, ensure proper access controls and permissions are in place, and promptly address any unauthorized activities or misconfigurations. MITRE Tactic: TA0040 MITRE Technique: T1485

Cache snapshot deletion detected

This rule detects deletion of a cache snapshot. Impact Cache snapshot deletion can lead to data loss, compromised disaster recovery, and potential disruptions in data availability and restoration. Mitigation Investigate the snapshot deletion event, enforce stringent access controls for snapshot management and regularly review and monitor snapshot activities. MITRE Tactic: TA0040 MITRE Technique: T1485

Excessive cache snapshot deletion detected

This alert triggers when a single user attempts more than 10 cache snapshot deletions within a 5-minute interval. Impact This alert indicates an excessive cache snapshot deletions which can indicate potential brute force or unauthorized access attempts. Mitigation Investigate the reason for the high volume of cache snapshot deletion, ensure proper access controls and permissions are in place, and promptly address any unauthorized activities or misconfigurations. MITRE Tactic: TA0040 MITRE Technique: T1485

Excessive cache cluster deletion detected

This alert triggers when a single user attempts more than 10 cache cluster deletions within a 5-minute interval. Impact This alert indicates an abnormal pattern of excessive cache cluster deletions, which can potentially disrupt data management operations, cause loss of important metadata, and may suggest unauthorized or malicious activity. Mitigation Investigate the reason for the high volume of cache cluster deletion, ensure proper access controls and permissions are in place, and promptly address any unauthorized activities or misconfigurations. MITRE Tactic: TA0040 MITRE Technique: T1485

Documentation

Learn more about Coralogix's out-of-the-box integration with Amazon ElastiCache in our documentation.

Read More
Schedule Demo