
Quick Start Security for Amazon SES

Amazon SES

Coralogix Extension For Amazon SES Includes:

Alerts - 4

Stay on top of Amazon SES key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Modification Attempts Made on SES

This alert triggers when Amazon Simple Email Service (SES) has been modified.

Impact: SES is a popular target for attackers as it can be abused to send out phishing and spam campaigns at massive rates and from a trusted sender (Amazon). An attacker could modify the AWS Simple Email Service to propagate large-scale phishing email campaigns.

Mitigation: Determine if the API calls should have been made by the user. If the user is unaware of the call made, investigate further for any malicious activities.

MITRE Tactic: TA0040
MITRE Technique: T1496

Building Block - Enumeration Attempts Seen by Previously Unseen User

This alert triggers when the Amazon Simple Email Service (SES) is enumerated by a previously unseen user to get the service quota, identity information, etc.

Impact: SES is a popular target for attackers as it can be abused to send out phishing and spam campaigns at massive rates and from a trusted sender (Amazon). Threat actors make 'getservicequota', 'listservicequota', 'listidentities', and 'GetAccountSendingEnabled' calls to learn whether the compromised account is capable of sending messages and, if so, how many emails can be sent at once and which emails and domains are registered to send emails.

Mitigation: Determine if the API calls should have been made by the user. If the user is unaware of the call made, investigate further for any malicious activities.

MITRE Tactic: TA0007
MITRE Technique: T1526

Flow Alert - Possible Exploitation of SES Service

This flow alert triggers when a user, after enumerating SES capabilities, requests an increase in the email sending quota.

Impact: SES is a popular target for attackers as it can be abused to send out phishing and spam campaigns at massive rates and from a trusted sender (Amazon). Threat actors first enumerate the email sending quota and the associated identity and then, based on the available quota, may request to increase it so that they can send more spam.

Mitigation: Determine if the API calls should have been made by the user. If the user is unaware of the call made, investigate further for any malicious activities.

MITRE Tactic: TA0001
MITRE Technique: T1566
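The correlation this flow alert describes, sketched over CloudTrail-shaped records as an added example (not Coralogix's own rule logic). Assumptions: the quota-increase event name, the one-hour window, and modelling "previously unseen" as absence from a known_users set are all chosen here for illustration, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Enumeration calls as listed on this page (matched case-insensitively);
# "listservicequotas" is the plural spelling used by the Service Quotas API.
ENUM_CALLS = {"getservicequota", "listservicequota", "listservicequotas",
              "listidentities", "getaccountsendingenabled"}
# Assumption: the page does not name the quota-increase event. This is the
# Service Quotas API call; substitute the event your trail actually records.
INCREASE_CALLS = {"requestservicequotaincrease"}
WINDOW = timedelta(hours=1)  # assumed correlation window

def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def detect_flow(events, known_users):
    """Return (user_arn, enumeration_calls, increase_time) for every user
    outside known_users who enumerates SES and then requests a quota
    increase within WINDOW."""
    enum_seen = {}  # user ARN -> [(time, eventName), ...]
    findings = []
    for ev in sorted(events, key=_ts):
        user, name, when = ev["userIdentity"]["arn"], ev["eventName"], _ts(ev)
        if name.lower() in ENUM_CALLS and user not in known_users:
            enum_seen.setdefault(user, []).append((when, name))
        elif name.lower() in INCREASE_CALLS:
            prior = {n for t, n in enum_seen.get(user, []) if when - t <= WINDOW}
            if prior:
                findings.append((user, sorted(prior), ev["eventTime"]))
    return findings

def _ev(user, name, time):  # builds a constructed CloudTrail-shaped record
    return {"eventTime": time, "eventName": name,
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/" + user}}

# Constructed sample events, not real log data.
KNOWN_USERS = {"arn:aws:iam::111122223333:user/mail-admin"}
SAMPLE_EVENTS = [
    _ev("mail-admin", "ListIdentities", "2024-01-01T10:00:00Z"),
    _ev("mail-admin", "RequestServiceQuotaIncrease", "2024-01-01T10:05:00Z"),
    _ev("ci-temp", "ListIdentities", "2024-01-01T08:00:00Z"),
    _ev("ci-temp", "RequestServiceQuotaIncrease", "2024-01-01T11:30:00Z"),
    _ev("new-key", "GetAccountSendingEnabled", "2024-01-01T12:01:00Z"),
    _ev("new-key", "ListIdentities", "2024-01-01T12:00:00Z"),
    _ev("new-key", "RequestServiceQuotaIncrease", "2024-01-01T12:10:00Z"),
]

if __name__ == "__main__":
    for finding in detect_flow(SAMPLE_EVENTS, KNOWN_USERS):
        print(finding)
```

Only the new-key identity is reported: mail-admin is a known user, and ci-temp's increase request falls outside the window after its enumeration call.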

Building Block - Service Quota Increase Requested

This alert triggers when an increase in Simple Email Service (SES) sending limits is requested.

Impact: SES is a popular target for attackers as it can be abused to send out phishing and spam campaigns at massive rates and from a trusted sender (Amazon). Threat actors request an increase in Simple Email Service (SES) sending limits so that they can send more spam.

Mitigation: Determine if the API call should have been made by the user. If the user is unaware of the call made, investigate further for any malicious activities.

MITRE Tactic: TA0001
MITRE Technique: T1566

Integration

Learn more about Coralogix's out-of-the-box integration with Amazon SES in our documentation.
