Quick Start Security for Amazon OpenSearch
Coralogix Extension For Amazon OpenSearch Includes:
Alerts - 6
Stay on top of Amazon OpenSearch key performance metrics. Keep everyone in the know through integrations with Slack, PagerDuty and more.
A domain configuration modification detected
This rule monitors the update of a domain configuration.
Impact: This alert signifies potential changes made to an Amazon OpenSearch domain configuration, which could impact the availability, performance, and security of the OpenSearch cluster. It may lead to service disruptions, degraded performance, or security vulnerabilities if not properly monitored and controlled.
Mitigation: Validate that the action was approved, investigate further if not.
MITRE Tactic: TA0005
MITRE Technique: T1098
A domain deletion detected
This rule monitors for the deletion of a domain.
Impact: Deletion of a domain could lead to unintended data loss or could result from malicious activity.
Mitigation: Verify that the deletion was authorized and investigate further if not.
MITRE Tactic: TA0040
MITRE Technique: T1485
A VPC endpoint deletion detected
This rule monitors for the deletion of a VPC endpoint.
Impact: Deletion of a VPC endpoint should be verified, as it could disrupt network connectivity and communication between services using the endpoint. It might lead to accessibility issues and interruptions in data transfer.
Mitigation: Verify that the deletion was authorized and investigate further if not.
MITRE Tactic: TA0040
MITRE Technique: T1485
Excessive domain deletion detected
This alert triggers when a single user attempts more than 10 domain deletions within a 5-minute interval.
Impact: This alert indicates excessive domain deletions, which could suggest potential unauthorized activities, misconfigurations, or security risks within the Amazon OpenSearch environment.
Mitigation: Investigate the reason for the high volume of domain deletions, ensure proper access controls and permissions are in place, and promptly address any unauthorized activities or misconfigurations.
MITRE Tactic: TA0040
MITRE Technique: T1485
Excessive VPC endpoint creation detected
This alert triggers when a single user attempts more than 10 VPC endpoint creations within a 5-minute interval.
Impact: This alert could potentially indicate misconfigurations, operational issues, or security risks within the Amazon OpenSearch environment.
Mitigation: Validate that the action was approved, investigate further if not.
MITRE Tactic: TA0007
MITRE Technique: T1082
Excessive domain creation detected
This alert triggers when a single user attempts more than 10 domain creations within a 5-minute interval.
Impact: This alert could potentially indicate misconfigurations, operational issues, or security risks within the Amazon OpenSearch environment.
Mitigation: Validate that the action was approved, investigate further if not.
MITRE Tactic: TA0007
MITRE Technique: T1082
Integration
Learn more about Coralogix's out-of-the-box integration with Amazon OpenSearch in our documentation.