Quick Start Security for AWS Systems Manager

AWS Systems Manager

Out-of-the-Box Security For AWS Systems Manager Includes:

Alerts - 4

Stay on top of AWS Systems Manager key performance metrics. Keep everyone in the know through integrations with Slack, PagerDuty and more.

Excessive failed document retrieval attempts

This rule detects more than 10 failed access attempts by a single user within a 5-minute interval to retrieve AWS Systems Manager documents.

Impact: This alert signifies a potential brute-force or unauthorized access attempt to retrieve AWS Systems Manager documents, which could indicate an attempt to gain unauthorized access to critical system configurations or sensitive information.

Mitigation: Investigate the root cause of the high number of failed retrieval attempts, verify access controls and permissions, and promptly address any unauthorized activity or misconfiguration to ensure proper and secure document access.

MITRE Tactic: TA0001
MITRE Technique: T1110

Parameter deletion detected

This alert detects the deletion of a parameter within AWS Systems Manager.

Impact: This alert indicates the potential deletion of a parameter, which could disrupt system management capabilities and affect the functionality of managed resources.

Mitigation: Monitor parameter deletion activities, enforce access controls, and regularly review and audit parameter changes to prevent unauthorized deletions within AWS Systems Manager.

MITRE Tactic: TA0040
MITRE Technique: T1485

Excessive parameter creation detected

This alert triggers when a single user attempts more than 10 parameter creations within a 5-minute interval.

Impact: This alert indicates excessive parameter creation, which may suggest misconfigurations, operational issues, or security risks within the AWS Systems Manager environment.

Mitigation: Validate that the action was approved; investigate further if not.

MITRE Tactic: TA0007
MITRE Technique: T1082

Excessive document creation detected

This alert triggers when a single user attempts more than 10 document creations within a 5-minute interval.

Impact: This alert indicates excessive document creation, which may suggest misconfigurations, operational issues, or security risks within the AWS Systems Manager environment.

Mitigation: Validate that the action was approved; investigate further if not.

MITRE Tactic: TA0007
MITRE Technique: T1082
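The three threshold alerts above (failed document retrieval, parameter creation, document creation) share one shape: more than 10 matching events per user inside 5 minutes. The sketch below is an added example, not Coralogix's rule definitions; it assumes the rules map to the CloudTrail event names `GetDocument`, `PutParameter` and `CreateDocument`, that a failure is a record carrying `errorCode`, and that "user" means `userIdentity.arn`. All sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
THRESHOLD = 10  # alert when one user exceeds this count inside WINDOW
FMT = "%Y-%m-%dT%H:%M:%SZ"

# Assumed mapping of the page's rules onto CloudTrail fields (hypothetical rule names).
RULES = {
    "failed_document_retrieval": lambda e: e["eventName"] == "GetDocument" and "errorCode" in e,
    "parameter_creation": lambda e: e["eventName"] == "PutParameter",
    "document_creation": lambda e: e["eventName"] == "CreateDocument",
}

def detect(events):
    """Return {(rule, user_arn): time the per-user count first exceeded THRESHOLD}."""
    windows = defaultdict(deque)  # (rule, user) -> timestamps still inside WINDOW
    alerts = {}
    ssm = [e for e in events if e.get("eventSource") == "ssm.amazonaws.com"]
    for e in sorted(ssm, key=lambda e: e["eventTime"]):
        ts = datetime.strptime(e["eventTime"], FMT)
        user = e["userIdentity"]["arn"]
        for rule, matches in RULES.items():
            if matches(e):
                q = windows[(rule, user)]
                q.append(ts)
                while ts - q[0] >= WINDOW:  # drop events that aged out of the window
                    q.popleft()
                if len(q) > THRESHOLD:
                    alerts.setdefault((rule, user), ts)
    return alerts

def _ev(name, arn, second, error=None):  # builds one constructed CloudTrail-shaped record
    when = datetime(2024, 1, 1, 12) + timedelta(seconds=second)
    e = {"eventSource": "ssm.amazonaws.com", "eventName": name,
         "eventTime": when.strftime(FMT), "userIdentity": {"arn": arn}}
    if error:
        e["errorCode"] = error
    return e

ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed identities
BOB = "arn:aws:iam::111122223333:user/bob"
SAMPLE = (
    [_ev("GetDocument", ALICE, 20 * i, "AccessDeniedException") for i in range(11)]  # 11 in 200 s
    + [_ev("GetDocument", BOB, 40 * i, "AccessDeniedException") for i in range(11)]  # 11 over 400 s
    + [_ev("PutParameter", BOB, 5 * i) for i in range(12)]                           # 12 in 55 s
)

if __name__ == "__main__":
    for (rule, user), when in detect(SAMPLE).items():
        print(rule, user, when.isoformat())
```

Bob's 11 failed retrievals never alert because they are spread over 400 seconds, so no 5-minute window holds more than 8 of them.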

Documentation

Learn more about Coralogix's out-of-the-box integration with AWS Systems Manager in our documentation.