[Workshop Alert] Mastering Observability with OpenTelemetry Fundamentals - Register Now!

Start Free Trial Get a Demo
Start Free Trial Request Demo

Quick Start Security for Azure EventHubs

Azure EventHubs
Azure EventHubs icon

Coralogix Extension For Azure EventHubs Includes:

Alerts - 5

Stay on top of Azure EventHubs key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Unusual Spike in Incoming Traffic to Azure Eventhub.

This alert triggers when there is a sudden and significant increase in incoming traffic to Azure Event Hubs beyond the normal baseline. Impact An unusual spike in incoming traffic may indicate a distributed denial-of-service (DDoS) attack, data injection attempts, or malicious activity. Mitigation Monitor incoming traffic patterns regularly. Implement rate limiting, throttling, or Azure DDoS Protection to mitigate the impact of DDoS attacks. Use Azure Firewall or network security groups (NSGs) to restrict access to Event Hubs from unauthorized sources. Mitre tactic:TA0040 Mitre technique:T1078

Stream Encryption Stopped

This alert detects the stopping of encryption for a stream within Azure Eventhub. Impact This alert signifies the termination of encryption for an Azure Eventhub stream, potentially resulting in data exposure, unauthorized access, and compromised data security measures. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0040 MITRE Technique: T1485

Excessive Stream Deletion Detected

This alert triggers when a single user attempts more than 10 stream deletions within a 5-minute interval. Impact This alert indicates an excessive stream deletions, which could suggest potential unauthorized activities, misconfigurations, or security risks within the Azure Eventhubs environment. Mitigation Investigate the reason for the high volume of stream deletion, ensure proper access controls and permissions are in place, and promptly address any unauthorized activities or misconfigurations. MITRE Tactic: TA0040 MITRE Technique: T1485

Record Access Detected From a New User

This alert indicates the retrieval of a record by a new user that hasn't been observed within the last month. Impact This alert indicates the retrieval of initial records from an Azure eventhub stream by a new user. While this activity can be a normal part of stream usage, it could also be malicious if the user is attempting to gain unauthorized access to sensitive data or if it's part of a reconnaissance phase before launching more advanced attacks. Mitigation Review the user's access privileges, confirm if the retrieval was intentional or unauthorized, and take necessary action to enforce least privilege access if needed. MITRE Tactic: TA0003 MITRE Technique: T1081

Excessive Stream Creation Detected

This alert triggers when a single user attempts more than 10 stream creations within a 5-minute interval. Impact This alert indicates an excessive stream creations, which may suggest misconfigurations, operational issues, or potential security risks within the Azure Systems Manager environment. Mitigation Validate that the action was approved, investigate further if not. MITRE Tactic: TA0007 MITRE Technique: T1082

Integration

Learn more about Coralogix's out-of-the-box integration with Azure EventHubs in our documentation.

Read More
Schedule Demo

300+ Integrations

View More
Akamai
Akamai
JIRA
JIRA
Logstash
Logstash
Prometheus
Prometheus
Fluent Bit
Fluent Bit
Kubernetes
Kubernetes
Amazon CloudWatch
Amazon CloudWatch
GCP Log Explorer
GCP Log Explorer
CircleCI
CircleCI
Slack
Slack
PagerDuty
PagerDuty
Jenkins
Jenkins
OTel
OTel
CrowdStrike Falcon
CrowdStrike Falcon
Teams
Teams
AWS Lambda
AWS Lambda
GitHub
GitHub
Azure
Azure
Cortex XSOAR
Cortex XSOAR
AWS S3
AWS S3