
Quick Start Security for Amazon SQS


Coralogix Extension For Amazon SQS Includes:

Alerts - 6

Stay on top of Amazon SQS key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Excessive queue creation

Multiple SQS queues were created. SQS queues are used to send and receive messages from different AWS resources, which could range from email updates to triggering software automation processes depending on the implementation.

Impact: Excessive queue creation can indicate malicious activity, as it could disrupt normal business or system operations, automated processes, or a customer update mechanism (like email updates).

Mitigation: Verify with the creating user that the queues were intended to be created. If not, restore and further investigate.

MITRE Tactic: TA0040
MITRE Technique: T1531

A queue was purged

An SQS queue was purged. SQS queues are used to send and receive messages from different AWS resources, which could range from email updates to triggering software automation processes depending on the implementation.

Impact: Depending on the queue purged, it could disrupt normal business or system operations, automated processes, or a customer update mechanism (like email updates).

Mitigation: Verify with the purging user that the queue was intended to be deleted. If not, restore and further investigate.

MITRE Tactic: TA0005
MITRE Technique: T1578

A queue was deleted

An SQS queue was deleted. SQS queues are used to send and receive messages from different AWS resources, which could range from email updates to triggering software automation processes depending on the implementation.

Impact: Depending on the queue deleted, it could disrupt normal business or system operations, automated processes, or a customer update mechanism (like email updates).

Mitigation: Verify with the deleting user that the queue was intended to be deleted. If not, restore and further investigate.

MITRE Tactic: TA0005
MITRE Technique: T1562

Server-Side Encryption for AWS SQS queue was disabled

An unencrypted SQS queue can expose sensitive information. It is a best practice to keep encryption enabled.

Impact: An unencrypted SQS queue can cause data leakage and expose internal information to attackers.

Mitigation: Verify why SSE was disabled. Re-enable it and further investigate if the action looks suspicious or was unauthorized.

MITRE Tactic: TA0040
MITRE Technique: T1565

Excessive queue deletion

Multiple SQS queues were deleted. SQS queues are used to send and receive messages from different AWS resources, which could range from email updates to triggering software automation processes depending on the implementation.

Impact: Excessive queue deletion can indicate malicious activity, as it could disrupt normal business or system operations, automated processes, or a customer update mechanism (like email updates).

Mitigation: Verify with the deleting user that the queues were intended to be deleted. If not, restore and further investigate.

MITRE Tactic: TA0040
MITRE Technique: T1531

SQS queue attributes were changed

This alert triggers when a user creates or changes the attributes of a queue. Review the policy field in the log to determine which attributes were changed.

Impact: An SQS queue can be made public, or permissions to send or receive messages can be granted to unauthorized users or groups. Inadequate permissions can cause spamming, degradation of service, or trigger internal actions depending on the purpose of the queue.

Mitigation: Verify with the user that the changes were intentional. If not, revert or restrict permissions accordingly.

MITRE Tactic: TA0009
MITRE Technique: T1213
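A triage sketch for the two attribute-related alerts above (SSE disabled, attributes changed), added here as an example and not part of the Coralogix extension. It assumes the changed attributes have already been pulled from the log event into a name-to-value map, since the page does not describe the log layout; `review_attributes` and the sample values are hypothetical.

```python
import json

# Constructed sample: attributes set by one queue-attribute change.
# Key names are real SQS queue attributes; all values are made up.
SAMPLE_ATTRIBUTES = {
    "KmsMasterKeyId": "",
    "SqsManagedSseEnabled": "false",
    "Policy": json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "sqs:SendMessage",
             "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue"},
            {"Effect": "Allow",
             "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-worker"},
             "Action": ["sqs:ReceiveMessage"], "Resource": "*"},
        ],
    }),
}

def _as_list(value):
    """IAM policy elements may be a single value or a list."""
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True when a Principal element matches any caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def review_attributes(attrs):
    """Hypothetical helper: list findings for a changed-attribute map."""
    findings = []
    kms = attrs.get("KmsMasterKeyId")
    managed = str(attrs.get("SqsManagedSseEnabled", "")).lower()
    # Heuristic on the change alone: a KMS key cleared without turning on
    # SQS-managed SSE, or SQS-managed SSE turned off with no KMS key set.
    if (kms == "" and managed != "true") or (managed == "false" and not kms):
        findings.append("sse-disabled")
    policy = attrs.get("Policy")
    if policy:
        for stmt in _as_list(json.loads(policy).get("Statement", [])):
            # Unconditioned Allow to everyone is what makes a queue public.
            if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                    and is_public(stmt.get("Principal"))):
                findings += [f"public-allow:{a}" for a in _as_list(stmt.get("Action", []))]
    return findings

if __name__ == "__main__":
    print(review_attributes(SAMPLE_ATTRIBUTES))
```

The SSE check looks only at what the change set, so confirm the queue's resulting attributes before treating a finding as confirmed.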

Integration

Learn more about Coralogix's out-of-the-box integration with Amazon SQS in our documentation.
