Quick Start Security for AWS Systems Manager
Coralogix Extension For AWS Systems Manager Includes:
Alerts - 4
Stay on top of AWS Systems Manager key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Excessive failed document retrieval attempts
This rule detects when there are more than 10 failed access attempts by a single user within a 5-minute interval to retrieve AWS Systems Manager documents.
Impact: This alert signifies a potential brute force or unauthorized access attempt to retrieve AWS Systems Manager documents, which could indicate an attempt to gain unauthorized access to critical system configurations or sensitive information.
Mitigation: Investigate the root cause of the high number of failed retrieval attempts, verify access controls and permissions, and address any potential unauthorized activities or misconfigurations promptly to ensure proper and secure document access.
MITRE Tactic: TA0001
MITRE Technique: T1110
Parameter deletion detected
This alert detects the deletion of a parameter within AWS Systems Manager.
Impact: This alert indicates the potential deletion of a parameter, which could lead to disruptions in system management capabilities, and a potential impact on the functionality of managed resources.
Mitigation: Monitor parameter deletion activities, enforce access controls, and regularly review and audit parameter changes to prevent unauthorized deletions within AWS Systems Manager.
MITRE Tactic: TA0040
MITRE Technique: T1485
Excessive parameter creation detected
This alert triggers when a single user attempts more than 10 parameter creations within a 5-minute interval.
Impact: This alert indicates excessive parameter creations, which may suggest misconfigurations, operational issues, or security risks within the AWS Systems Manager environment.
Mitigation: Validate that the action was approved; investigate further if not.
MITRE Tactic: TA0007
MITRE Technique: T1082
Excessive document creation detected
This alert triggers when a single user attempts more than 10 document creations within a 5-minute interval.
Impact: This alert indicates excessive document creations, which may suggest misconfigurations, operational issues, or security risks within the AWS Systems Manager environment.
Mitigation: Validate that the action was approved; investigate further if not.
MITRE Tactic: TA0007
MITRE Technique: T1082
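The three threshold alerts above share one shape: more than 10 matching events per user inside a 5-minute window. The sketch below is an added example, not Coralogix's rule definition; it assumes the events arrive as CloudTrail records and that the rules map to the SSM API calls GetDocument, PutParameter and CreateDocument, and it runs over constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%SZ"
WINDOW = timedelta(minutes=5)
THRESHOLD = 10  # the page's rules fire on "more than 10" per user

# Assumed mapping of three of the page's alerts to CloudTrail fields.
RULES = {
    "Excessive failed document retrieval attempts":
        lambda e: e["eventName"] == "GetDocument" and bool(e.get("errorCode")),
    "Excessive parameter creation detected":
        lambda e: e["eventName"] == "PutParameter",
    "Excessive document creation detected":
        lambda e: e["eventName"] == "CreateDocument",
}

def detect(events):
    """Return (rule, user ARN, eventTime) each time a user first exceeds THRESHOLD."""
    windows, active, alerts = defaultdict(deque), set(), []
    for e in sorted(events, key=lambda e: e["eventTime"]):
        if e.get("eventSource") != "ssm.amazonaws.com":
            continue
        ts = datetime.strptime(e["eventTime"], FMT)
        for rule, matches in RULES.items():
            if not matches(e):
                continue
            key = (rule, e["userIdentity"]["arn"])
            q = windows[key]
            q.append(ts)
            while ts - q[0] >= WINDOW:   # drop timestamps older than the window
                q.popleft()
            if len(q) <= THRESHOLD:
                active.discard(key)      # back under the limit: re-arm the alert
            elif key not in active:
                active.add(key)
                alerts.append((rule, key[1], e["eventTime"]))
    return alerts

def sample_events():
    """Constructed CloudTrail-style records, not real log data."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    def ev(user, name, secs, err=None):
        return {"eventSource": "ssm.amazonaws.com", "eventName": name, "errorCode": err,
                "eventTime": (base + timedelta(seconds=secs)).strftime(FMT),
                "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"}}
    fast = [ev("alice", "GetDocument", 20 * i, "AccessDenied") for i in range(11)]
    slow = [ev("bob", "GetDocument", 60 * i, "AccessDenied") for i in range(11)]
    puts = [ev("carol", "PutParameter", 10 * i) for i in range(12)]
    return fast + slow + puts
```

In the sample, bob makes the same 11 failed retrievals as alice but spread over ten minutes, so only alice and carol cross the per-window threshold.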
Integration
Learn more about Coralogix's out-of-the-box integration with AWS Systems Manager in our documentation.