Quick Start Security for Amazon SES
Amazon SES - Security Extension
Amazon SES is a cloud-based email service provider that can integrate into any application for high-volume email automation. Whether you use email software to send transactional emails, marketing emails, or newsletter emails, you pay only for what you use. Amazon SES also supports a variety of deployments, including dedicated, shared, or owned IP addresses. Reports on sender statistics and email deliverability tools help businesses make every email count.
Coralogix Extension For Amazon SES Includes:
Alerts - 4
Stay on top of Amazon SES key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Modification Attempts Made on SES
This alert triggers when Amazon Simple Email Service (SES) has been modified.

Impact
SES is a popular target for attackers as it can be abused to send out phishing and spam campaigns at massive rates and from a trusted sender (Amazon). An attacker could modify the AWS Simple Email Service to propagate large-scale phishing email campaigns.

Mitigation
Determine if the API calls should have been made by the user. If the user is unaware of the call made, investigate further for any malicious activities.

MITRE Tactic: TA0040
MITRE Technique: T1496
Building Block - Enumeration Attempts Seen by Previously Unseen User
This alert triggers when a previously unseen user enumerates the Amazon Simple Email Service (SES) to get the service quota, identity information, etc.

Impact
SES is a popular target for attackers as it can be abused to send out phishing and spam campaigns at massive rates and from a trusted sender (Amazon). Threat actors make 'getservicequota', 'listservicequota', 'listidentities', and 'GetAccountSendingEnabled' calls to learn whether the compromised account is capable of sending messages and, if so, how many emails can be sent at once and which email addresses and domains are registered to send emails.

Mitigation
Determine if the API calls should have been made by the user. If the user is unaware of the call made, investigate further for any malicious activities.

MITRE Tactic: TA0007
MITRE Technique: T1526
Flow Alert - Possible Exploitation of SES Service
This flow alert triggers when a user, after enumerating SES capabilities, requests an increase in the email sending quota.

Impact
SES is a popular target for attackers as it can be abused to send out phishing and spam campaigns at massive rates and from a trusted sender (Amazon). Threat actors first enumerate the email sending quota and the associated identity and then, based on the available quota, may request an increase so that they can send more spam.

Mitigation
Determine if the API calls should have been made by the user. If the user is unaware of the call made, investigate further for any malicious activities.

MITRE Tactic: TA0001
MITRE Technique: T1566
Building Block - Service Quota Increase Requested
This alert triggers when an increase in Simple Email Service (SES) sending limits is requested.

Impact
SES is a popular target for attackers as it can be abused to send out phishing and spam campaigns at massive rates and from a trusted sender (Amazon). Threat actors request an increase in Simple Email Service (SES) sending limits so that they can send more spam.

Mitigation
Determine if the API call should have been made by the user. If the user is unaware of the call made, investigate further for any malicious activities.

MITRE Tactic: TA0001
MITRE Technique: T1566
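The flow alert chains the two building blocks: enumeration by a previously unseen user, followed by a quota increase request from the same user. The added example below (not Coralogix's own rule) shows that correlation over constructed CloudTrail-shaped records. The RequestServiceQuotaIncrease event name, the one-hour window and the known-user baseline are assumptions, since the page does not specify them.

```python
from datetime import datetime, timedelta

# Enumeration calls named in the alert text; prefix match, case-insensitive,
# so a logged "ListServiceQuotas" still matches "listservicequota".
ENUM_PREFIXES = ("getservicequota", "listservicequota",
                 "listidentities", "getaccountsendingenabled")
# Assumption: the increase request is logged as this Service Quotas call.
INCREASE_PREFIXES = ("requestservicequotaincrease",)
WINDOW = timedelta(hours=1)  # assumption: the page gives no time frame


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_flow(events, known_users, window=WINDOW):
    """Return (arn, enum_time, increase_time) for each unseen user that
    enumerates SES and then requests a quota increase within `window`."""
    last_enum = {}  # arn -> most recent enumeration event by an unseen user
    hits = []
    for ev in sorted(events, key=_ts):
        arn = ev["userIdentity"]["arn"]
        name = ev["eventName"].lower()
        if name.startswith(ENUM_PREFIXES):
            if arn not in known_users:           # building block: enumeration
                last_enum[arn] = ev
        elif name.startswith(INCREASE_PREFIXES):  # building block: increase
            prior = last_enum.get(arn)
            if prior and _ts(ev) - _ts(prior) <= window:
                hits.append((arn, prior["eventTime"], ev["eventTime"]))
    return hits


def _ev(time, user, name):
    # Constructed CloudTrail-shaped record (only the fields used here).
    return {"eventTime": f"2024-05-01T{time}Z", "eventName": name,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"}}


KNOWN = {"arn:aws:iam::111122223333:user/mail-admin"}  # constructed baseline
SAMPLE = [  # constructed events, deliberately out of time order
    _ev("09:00:00", "mail-admin", "ListIdentities"),
    _ev("09:05:00", "mail-admin", "RequestServiceQuotaIncrease"),
    _ev("10:00:00", "build-bot", "GetAccountSendingEnabled"),
    _ev("10:02:00", "build-bot", "ListServiceQuotas"),
    _ev("10:10:00", "build-bot", "RequestServiceQuotaIncrease"),
    _ev("08:00:00", "intern", "ListIdentities"),
    _ev("12:00:00", "intern", "RequestServiceQuotaIncrease"),
]
```

Calling detect_flow(SAMPLE, KNOWN) flags only build-bot: mail-admin is in the baseline, and intern's request falls outside the window.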
Integration
Learn more about Coralogix's out-of-the-box integration with Amazon SES in our documentation.