
Quick Start Security for Perimeter 81


Coralogix Extension For Perimeter 81 Includes:

Alerts - 7

Stay on top of Perimeter 81 key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

A user was deleted

This alert detects when a user is deleted. It should be fine-tuned according to your organizational policy.

Impact: User deletion should be verified as legitimate to rule out accidental deletion or malicious intent by an adversary.

Mitigation: Verify with the user who initiated the action that it was legitimate. If not, revert the changes and investigate further as needed.

MITRE Tactic: TA0040
MITRE Technique: T1531

New local user created

This alert detects when a user is created. It should be fine-tuned according to your organizational policy.

Impact: Creating a user is usually a legitimate operation, but adversaries also create their own accounts for persistence and evasion. User creation actions should therefore be monitored and validated as legitimate.

Mitigation: Verify with the user who initiated the action that it was legitimate. If not, revert the changes and investigate further as needed.

MITRE Tactic: TA0003
MITRE Technique: T1098

Perimeter 81 WireGuard - Connection request from a new country

This alert detects a connection request from a country that has never been observed before. This can be due to a user traveling to a new location, or it can indicate a malicious actor trying to gain access to the company's internal assets.

Impact: If a malicious actor obtains a user's credentials, they can gain access to sensitive internal assets.

Mitigation: Validate with the relevant user that they were the one who made the connection request. If needed, temporarily block the user and investigate further according to company policies.

MITRE Tactic: TA0001
MITRE Technique: T1133

Perimeter 81 WireGuard - New gateway IP detected

This alert detects when a new gateway IP is observed.

Impact: In case of migration to a new IP, reachability for some users might be affected.

Mitigation: Verify with the user who initiated the action that it was legitimate. If not, revert the changes and investigate further as needed.

MITRE Tactic: TA0003
MITRE Technique: T1098
MITRE Sub_Technique: 005

Perimeter 81 WireGuard - New gateway DNS

This alert detects when a new gateway DNS is observed.

Impact: If a new DNS name was assigned to a gateway, it might affect the reachability of the gateway for some users.

Mitigation: Validate the reason for the new DNS. If needed, investigate further according to company policies. If needed, remove the new DNS name.

MITRE Tactic: TA0003
MITRE Technique: T1098
MITRE Sub_Technique: 005

Perimeter 81 WireGuard - User connection attempt from multiple countries

This alert detects user authentication from multiple countries over a short period of time. This kind of activity can have a few causes: the user is traveling for work, or the user was compromised by a malicious actor.

Impact: If a user's computer was compromised, a malicious actor can gain access to internal assets.

Mitigation: Verify with the user who initiated the action that it was legitimate. If not, revert the changes and investigate further as needed.

MITRE Tactic: TA0001
MITRE Technique: T1133

No logs from Perimeter 81

This rule detects when no logs have been received for Perimeter 81 in the customer account in the last 24 hours.

Note: This alert should be configured with the relevant app and subsystem.

Impact: Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations.

Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.

MITRE Tactic: TA0005
MITRE Technique: T1562

Integration

Learn more about Coralogix's out-of-the-box integration with Perimeter 81 in our documentation.
