
Quick Start Security for AWS Network Firewall


Coralogix Extension For AWS Network Firewall Includes:

Dashboards - 2

Gain instantaneous visualization of all your AWS Network Firewall data.

AWS Network Firewall - IDS Overview
AWS Network Firewall - Netflow Overview

Alerts - 4

Stay on top of AWS Network Firewall key performance metrics. Keep everyone in the know through integrations with Slack, PagerDuty and more.

High Severity Suricata Alert Detected

This alert triggers for all Network Firewall logs with high-severity Suricata alert events.

Impact: Depends on the type and parameters of the log. Check the logs for more details.

Mitigation: To investigate the alert further, check fields such as 'signature', 'category', 'src_ip', and 'dest_ip' in the log, if they are present (the available fields can vary per log). Also check for repeated alerts for the same machine/IP, and check adjacent logs.

Medium Severity Suricata Alert Detected

This alert triggers for all Network Firewall logs with medium-severity Suricata alert events.

Impact: Depends on the type and parameters of the log. Check the logs for more details.

Mitigation: To investigate the alert further, check fields such as 'signature', 'category', 'src_ip', and 'dest_ip' in the log, if they are present (the available fields can vary per log). Also check for repeated alerts for the same machine/IP, and check adjacent logs.

Low Severity Suricata Alert Detected

This alert triggers for all Network Firewall logs with low-severity Suricata alert events.

Impact: Depends on the type and parameters of the log. Check the logs for more details.

Mitigation: To investigate the alert further, check fields such as 'signature', 'category', 'src_ip', and 'dest_ip' in the log, if they are present (the available fields can vary per log). Also check for repeated alerts for the same machine/IP, and check adjacent logs.
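
The triage steps listed for the three Suricata alerts above, as an added example (not Coralogix or AWS code): it reads alert events, tolerates missing fields, orders findings by severity and counts repeated alerts per source IP. The severity mapping (1 = high, 2 = medium, 3 = low), the record layout (modelled on AWS Network Firewall alert logs) and every sample value are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Assumption: Suricata numeric severity, where 1 is the most severe.
SEVERITY_LABEL = {1: "high", 2: "medium", 3: "low"}
ORDER = {"high": 0, "medium": 1, "low": 2, "unknown": 3}

# Constructed sample lines (documentation-range IPs, made-up signatures).
SAMPLE_LOGS = [
    '{"firewall_name":"example-fw","event":{"event_type":"alert","src_ip":"203.0.113.9","dest_ip":"10.0.1.20","alert":{"signature":"EXAMPLE policy violation","category":"Potential Corporate Privacy Violation","severity":3}}}',
    '{"firewall_name":"example-fw","event":{"event_type":"netflow","src_ip":"10.0.1.15","dest_ip":"10.0.1.20"}}',
    '{"firewall_name":"example-fw","event":{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.1.15","alert":{"signature":"EXAMPLE port scan","category":"Attempted Information Leak","severity":2}}}',
    'not json',
    '{"firewall_name":"example-fw","event":{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.1.15","alert":{"signature":"EXAMPLE exploit attempt","category":"Attempted Administrator Privilege Gain","severity":1}}}',
    '{"firewall_name":"example-fw","event":{"event_type":"alert","dest_ip":"10.0.1.30","alert":{"signature":"EXAMPLE odd traffic","severity":2}}}',
]

def triage(lines, repeat_threshold=2):
    """Return (findings sorted by severity, {src_ip: count} for repeat sources)."""
    findings, per_source = [], Counter()
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON log line
        event = record.get("event") if isinstance(record, dict) else None
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue  # netflow and other event types are not IDS alerts
        alert = event.get("alert") if isinstance(event.get("alert"), dict) else {}
        findings.append({
            "severity": SEVERITY_LABEL.get(alert.get("severity"), "unknown"),
            # Fields can be absent per log, so fall back instead of raising.
            "signature": alert.get("signature", "n/a"),
            "category": alert.get("category", "n/a"),
            "src_ip": event.get("src_ip", "n/a"),
            "dest_ip": event.get("dest_ip", "n/a"),
        })
        if "src_ip" in event:
            per_source[event["src_ip"]] += 1
    findings.sort(key=lambda f: ORDER[f["severity"]])
    repeats = {ip: n for ip, n in per_source.items() if n >= repeat_threshold}
    return findings, repeats

if __name__ == "__main__":
    findings, repeats = triage(SAMPLE_LOGS)
    for f in findings:
        print(f["severity"], f["src_ip"], "->", f["dest_ip"], f["signature"], f["category"])
    print("repeat sources:", repeats)
```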

No Logs in last 4 hours

This alert triggers when there are no Network Firewall logs in the platform in the last 4 hours.

Impact: An adversary may disable logging capabilities and integrations to limit what data is collected on their activities and avoid detection.

Mitigation: Investigate the root cause of this behavior and re-enable logging if it is disabled. Additionally, administrators can manage policies to ensure only necessary users have permission to make changes to logging policies.

MITRE Tactic: TA0005
MITRE Technique: T1562

Integration

Learn more about Coralogix's out-of-the-box integration with AWS Network Firewall in our documentation.
