
Quick Start Security for Amazon OpenSearch


Out-of-the-Box Security For Amazon OpenSearch Includes:

Alerts - 6

Stay on top of Amazon OpenSearch key performance metrics. Keep everyone in the know through integrations with Slack, PagerDuty and more.

A domain configuration modification detected

This rule monitors the update of a domain configuration.

Impact: This alert signifies potential changes made to an Amazon OpenSearch domain configuration, which could impact the availability, performance, and security of the OpenSearch cluster. It may lead to service disruptions, degraded performance, or security vulnerabilities if not properly monitored and controlled.

Mitigation: Validate that the action was approved, investigate further if not.

MITRE Tactic: TA0005

MITRE Technique: T1098

A domain deletion detected

This rule monitors for the deletion of a domain.

Impact: Deletion of a domain could lead to unintended data loss or could result from malicious activity.

Mitigation: Verify that the deletion was authorized and investigate further if not.

MITRE Tactic: TA0040

MITRE Technique: T1485

A VPC endpoint deletion detected

This rule monitors for the deletion of a VPC endpoint.

Impact: Deletion of a VPC endpoint should be verified, as it could disrupt network connectivity and communication between services using the endpoint. It might lead to accessibility issues and interruptions in data transfer.

Mitigation: Verify that the deletion was authorized and investigate further if not.

MITRE Tactic: TA0040

MITRE Technique: T1485

Excessive domain deletion detected

This alert triggers when a single user attempts more than 10 domain deletions within a 5-minute interval.

Impact: This alert indicates excessive domain deletions, which could suggest potential unauthorized activities, misconfigurations, or security risks within the Amazon OpenSearch environment.

Mitigation: Investigate the reason for the high volume of domain deletions, ensure proper access controls and permissions are in place, and promptly address any unauthorized activities or misconfigurations.

MITRE Tactic: TA0040

MITRE Technique: T1485

Excessive VPC endpoint creation detected

This alert triggers when a single user attempts more than 10 VPC endpoint creations within a 5-minute interval.

Impact: This alert could potentially indicate misconfigurations, operational issues, or security risks within the Amazon OpenSearch environment.

Mitigation: Validate that the action was approved, investigate further if not.

MITRE Tactic: TA0007

MITRE Technique: T1082

Excessive domain creation detected

This alert triggers when a single user attempts more than 10 domain creations within a 5-minute interval.

Impact: This alert could potentially indicate misconfigurations, operational issues, or security risks within the Amazon OpenSearch environment.

Mitigation: Validate that the action was approved, investigate further if not.

MITRE Tactic: TA0007

MITRE Technique: T1082
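The three "excessive" rules above share one piece of logic: a per-user count over a sliding 5-minute window that fires only when the count exceeds 10. The sketch below is an added example, not Coralogix's rule definition; the record fields (user, action, time) and the action names DeleteDomain, CreateDomain and CreateVpcEndpoint are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
THRESHOLD = 10  # the rules fire on MORE than 10 attempts
# Assumed action names (OpenSearch Service API operations); the page names none.
WATCHED = {"DeleteDomain", "CreateDomain", "CreateVpcEndpoint"}


def detect_excessive(events, watched=WATCHED, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per burst: (user, action, first_seen, last_seen, count).

    Every attempt counts, successful or not, since the rules are worded
    in terms of attempts.
    """
    recent = defaultdict(deque)   # (user, action) -> timestamps inside the window
    firing = set()                # keys already alerted for the current burst
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] not in watched:
            continue
        key = (ev["user"], ev["action"])
        times = recent[key]
        times.append(ev["time"])
        while ev["time"] - times[0] >= window:   # evict attempts older than 5 min
            times.popleft()
        if len(times) <= threshold:
            firing.discard(key)                  # burst over, re-arm the rule
        elif key not in firing:
            firing.add(key)
            alerts.append((ev["user"], ev["action"], times[0], times[-1], len(times)))
    return alerts


def sample_events():
    """Constructed sample data, not real audit logs."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)

    def ev(user, action, secs):
        return {"user": user, "action": action, "time": t0 + timedelta(seconds=secs)}

    burst = [ev("alice", "DeleteDomain", 20 * i) for i in range(11)]   # 11 in 200 s
    slow = [ev("bob", "DeleteDomain", 60 * i) for i in range(11)]      # 1 per minute
    edge = [ev("carol", "CreateDomain", 5 * i) for i in range(10)]     # exactly 10
    other = [ev("alice", "UpdateDomainConfig", i) for i in range(20)]  # not watched
    return burst + slow + edge + other


if __name__ == "__main__":
    for alert in detect_excessive(sample_events()):
        print(alert)
```

Only the first sample user trips the rule: eleven deletions spread one per minute never put more than five inside a window, and exactly ten creations stay at the threshold without exceeding it.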

Documentation

Learn more about Coralogix's out-of-the-box integration with Amazon OpenSearch in our documentation.
