
Quick Start Security for AWS VPN


Coralogix Extension For AWS VPN Includes:

Dashboards - 1

Gain instantaneous visualization of all your AWS VPN data.


Alerts - 5

Stay on top of AWS VPN key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Multiple Users Failed Authentication From A Single IP

This alert triggers when more than 10 different users fail VPN authentication from a single IP address. Malicious actors will try to authenticate to the company's VPN from compromised computers in order to gain access to sensitive assets. This type of activity can indicate a brute force attack trying to obtain user credentials and company access.

Impact: Malicious actors might gain access to sensitive assets and data.

Mitigation: Validate the origin of the IP address. Enforce password changes to company devices for the relevant users. If needed, block the source IP in the organization's firewall. If needed, further investigate according to company policy.

MITRE Tactic: TA0001
MITRE Technique: T1078

Single User Failed Authentications From Multiple IPs

This alert triggers when a single user fails VPN authentication from more than 10 IP addresses within a time range of 10 minutes. Failed authentication from multiple IP addresses indicates that a malicious actor got hold of the user's credentials and is trying to authenticate to the company's VPN solution in order to gain access to sensitive resources.

Impact: Malicious actors might gain access to sensitive assets and data.

Mitigation: Confirm with the user whether they were the cause of those authentication attempts. Enforce password changes to company devices for the relevant user. If needed, further investigate according to company policy.

MITRE Tactic: TA0001
MITRE Technique: T1078
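The two alerts above share one piece of logic: count distinct values of one field per value of another inside a sliding window. The following is an added example, not Coralogix's own rule definition. The event tuple shape, the function names, and the 10-minute window applied to the per-IP rule (the page states no window for it) are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds from the alert descriptions; the window for the per-IP rule is assumed.
MAX_USERS_PER_IP = 10
MAX_IPS_PER_USER = 10
WINDOW = timedelta(minutes=10)


def distinct_within_window(events, key_idx, value_idx, limit, window=WINDOW):
    """Return {key: peak distinct values in any window} for keys exceeding `limit`.

    `events` are (timestamp, user, source_ip) tuples for FAILED attempts only.
    """
    by_key = defaultdict(list)
    for ev in sorted(events):
        by_key[ev[key_idx]].append((ev[0], ev[value_idx]))
    flagged = {}
    for key, rows in by_key.items():
        start, counts, best = 0, defaultdict(int), 0
        for ts, value in rows:
            counts[value] += 1
            # Slide the window start forward past attempts older than `window`.
            while ts - rows[start][0] > window:
                old = rows[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best > limit:  # "more than", so exactly `limit` does not fire
            flagged[key] = best
    return flagged


def users_per_ip(events):
    return distinct_within_window(events, key_idx=2, value_idx=1, limit=MAX_USERS_PER_IP)


def ips_per_user(events):
    return distinct_within_window(events, key_idx=1, value_idx=2, limit=MAX_IPS_PER_USER)


# Constructed sample data (documentation address ranges, made-up user names).
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE = (
    [(T0 + timedelta(seconds=20 * i), f"user{i:02d}", "203.0.113.7") for i in range(11)]
    + [(T0 + timedelta(seconds=30 * i), "alice", f"198.51.100.{i}") for i in range(11)]
    + [(T0 + timedelta(minutes=15 * i), "bob", f"192.0.2.{i}") for i in range(11)]
)
```

In the sample, `bob` also fails from 11 addresses, but 15 minutes apart, so the windowed rule does not flag him.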

Multiple Authentication Failures By A Single User

This alert triggers when there are more than 5 failed authentication attempts from the same user. Malicious actors will try to authenticate to the company's VPN from compromised computers in order to gain access to sensitive assets.

Impact: Malicious actors might gain access to sensitive assets and data.

Mitigation: Validate the origin of the IP address. If needed, enforce password changes to company devices for the relevant users. If needed, block the source IP in the organization's firewall. If needed, further investigate according to company policy.

MITRE Tactic: TA0001
MITRE Technique: T1078

Failed Authentication Attempt By A New User

This alert triggers when a user that was not seen in the last 7 days fails an authentication attempt. Malicious actors will try to authenticate to the company's VPN in order to gain access to sensitive assets.

Impact: Malicious actors might gain access to sensitive assets and data.

Mitigation: Validate the origin of the IP address. If needed, enforce password changes to company devices for the relevant users. If needed, block the source IP in the organization's firewall. If needed, further investigate according to company policy.

MITRE Tactic: TA0001
MITRE Technique: T1078

Failed Authentication Attempt From A New IP

This alert triggers when an IP that was not seen in the last 7 days fails an authentication attempt. Malicious actors will try to authenticate to the company's VPN in order to gain access to sensitive assets.

Impact: Malicious actors might gain access to sensitive assets and data.

Mitigation: Validate the origin of the IP address. If needed, enforce password changes to company devices for the relevant users. If needed, block the source IP in the organization's firewall. If needed, further investigate according to company policy.

MITRE Tactic: TA0001
MITRE Technique: T1078

Integration

Learn more about Coralogix's out-of-the-box integration with AWS VPN in our documentation.
