
Quick Start Security for AWS ELB


Coralogix Extension For AWS ELB Includes:

Alerts - 6

Stay on top of AWS ELB key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

A Load Balancer has been deleted

This alert triggers whenever a load balancer has been deleted along with its attached listeners. A load balancer serves as the single point of contact for clients. The load balancer distributes incoming application traffic across multiple targets, such as EC2 instances, in multiple Availability Zones. This increases the availability of your application.

Impact: Load balancers are often used to achieve high availability by distributing traffic across multiple instances or availability zones. Deleting the load balancer can lead to a single point of failure, as incoming traffic will no longer be automatically redirected if an instance or availability zone becomes inaccessible.

Mitigation: Verify if this was an authorized action. If not, investigate further and revert the changes.

MITRE Tactic: TA0005
MITRE Technique: T1578

A Load Balancer has been created

This alert triggers whenever a load balancer has been created. A load balancer serves as the single point of contact for clients. The load balancer distributes incoming application traffic across multiple targets, such as EC2 instances, in multiple Availability Zones. This increases the availability of your application.

Impact: Creation of a new load balancer should be verified, as it can greatly impact the network flow or route network traffic to an attacker-controlled environment.

Mitigation: Inspect the user who created the load balancer and verify if this was an authorized action. If not, investigate further and revert the changes.

MITRE Tactic: TA0005
MITRE Technique: T1578

A Listener has been modified

This alert triggers whenever an ELB Listener has been modified and the modified protocol is not TLS/HTTPS. An AWS Elastic Load Balancer (ELB) listener is a process that checks for connection requests using the protocol and port that you configure. It is configured with a protocol and a port for front-end (client to load balancer) connections, and a protocol and a port for back-end (load balancer to back-end instance) connections.

Impact: Without an HTTPS listener, front-end connections are vulnerable to exploits, such as man-in-the-middle (MITM) attacks.

Mitigation: Review which protocols and ports have been added/subtracted. If the user making the changes wasn't authorized to do so, revert the changes.

MITRE Tactic: TA0005
MITRE Technique: T1578

A Listener has been deleted

This alert triggers whenever a load balancer listener has been deleted. An AWS Elastic Load Balancer (ELB) listener is a process that checks for connection requests using the protocol and port that you configure. It is configured with a protocol and a port for front-end (client to load balancer) connections, and a protocol and a port for back-end (load balancer to back-end instance) connections.

Impact: The listener is responsible for receiving incoming requests on a specific port and protocol and routing them to the appropriate backend targets (e.g., EC2 instances). Deleting a listener will result in a loss of traffic routing capabilities for that port and protocol.

Mitigation: Review the deleted listener and determine if the action was approved. Revert changes if the action wasn't authorized and investigate further for any other impact.

MITRE Tactic: TA0005
MITRE Technique: T1578

A Target Group has been deleted

This alert triggers when a target group has been deleted. A load balancer serves as the single point of contact for clients. Target groups route requests to individual registered targets, such as EC2 instances, using the protocol and port number that you specify. You can register a target with multiple target groups.

Impact: If the target group is actively being used by your ELB to distribute traffic to your instances, deleting the target group will result in a disruption of service. Users may experience downtime or inability to access your application until a new target group is configured and associated with the ELB.

Mitigation: Verify if this was an authorized action. If not, investigate further and revert the changes.

MITRE Tactic: TA0005
MITRE Technique: T1578

A Listener created without TLS/HTTPS protocol

This alert triggers whenever an ELB Listener is created and the associated protocol is not TLS/HTTPS. An AWS Elastic Load Balancer (ELB) listener is a process that checks for connection requests using the protocol and port that you configure. It is configured with a protocol and a port for front-end (client to load balancer) connections, and a protocol and a port for back-end (load balancer to back-end instance) connections.

Impact: Without an HTTPS listener, front-end connections are vulnerable to exploits, such as man-in-the-middle (MITM) attacks.

Mitigation: Follow the best security practices while creating the load balancer listener. See the link below for more details: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

MITRE Tactic: TA0005
MITRE Technique: T1578
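The two listener-protocol alerts above ("A Listener has been modified" and "A Listener created without TLS/HTTPS protocol") can be expressed as one check. The following is an added example, not Coralogix's own rule: it assumes the events are CloudTrail records for the ELBv2 API with the protocol in `requestParameters.protocol`, skips failed API calls (also an assumption), and runs over constructed sample events.

```python
# Assumption: events are CloudTrail records for the ELBv2 API, with the
# listener protocol in requestParameters.protocol.
ELB_SOURCE = "elasticloadbalancing.amazonaws.com"
ALERTS = {
    "CreateListener": "A Listener created without TLS/HTTPS protocol",
    "ModifyListener": "A Listener has been modified",
}
ENCRYPTED = {"HTTPS", "TLS"}


def check_listener_event(event):
    """Return a finding for a non-TLS/HTTPS listener change, else None."""
    name = event.get("eventName")
    if event.get("eventSource") != ELB_SOURCE or name not in ALERTS:
        return None
    if event.get("errorCode"):
        return None  # assumption: a failed API call changed nothing
    params = event.get("requestParameters") or {}
    protocol = params.get("protocol")
    # A ModifyListener call that leaves the protocol untouched carries none.
    if protocol is None or protocol.upper() in ENCRYPTED:
        return None
    return {
        "alert": ALERTS[name],
        "actor": (event.get("userIdentity") or {}).get("arn", "unknown"),
        "protocol": protocol.upper(),
        "port": params.get("port"),
    }


def scan(events):
    """Run the check over a batch of events and keep only the findings."""
    return [f for f in map(check_listener_event, events) if f]


def _ev(name, params, error=None, who="arn:aws:iam::111122223333:user/example"):
    """Build a constructed sample event (not real log data)."""
    ev = {"eventSource": ELB_SOURCE, "eventName": name,
          "userIdentity": {"arn": who}, "requestParameters": params}
    if error:
        ev["errorCode"] = error
    return ev


SAMPLE_EVENTS = [  # constructed for illustration
    _ev("CreateListener", {"protocol": "HTTP", "port": 80}),
    _ev("CreateListener", {"protocol": "HTTPS", "port": 443}),
    _ev("ModifyListener", {"protocol": "TCP", "port": 443}),
    _ev("ModifyListener", {"port": 8443}),
    _ev("CreateListener", {"protocol": "HTTP", "port": 80}, error="AccessDenied"),
    _ev("DeleteListener", {"listenerArn": "arn:placeholder"}),
]
```

The `actor` field in each finding supports the mitigation step of checking whether the user making the change was authorized.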

Integration

Learn more about Coralogix's out-of-the-box integration with AWS ELB in our documentation.
