Quick Start Security for Perimeter 81
Coralogix Extension For Perimeter 81 Includes:
Alerts - 6
Stay on top of Perimeter 81 key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
A user was deleted
This alert detects when a user was deleted. This alert should be fine-tuned according to your organizational policy.
Impact: User deletions should be verified as legitimate, since a deletion may be accidental or the result of malicious intent by an adversary.
Mitigation: Verify with the user who initiated the action that it was legitimate. If not, revert the changes and investigate further as needed.
MITRE Tactic: TA0040
MITRE Technique: T1531
New local user created
This alert detects when a user is created. This alert should be fine-tuned according to your organizational policy.
Impact: Creating a user is usually a legitimate operation, but adversaries also create their own accounts for persistence and evasion. User creation actions should therefore be monitored and validated as legitimate.
Mitigation: Verify with the user who initiated the action that it was legitimate. If not, revert the changes and investigate further as needed.
MITRE Tactic: TA0003
MITRE Technique: T1098
Perimeter 81 WireGuard - Connection request from a new country
This alert detects a connection request from a country that has never been observed before. This can be due to users traveling to a new location, or it can indicate a malicious actor trying to get access to the company's internal assets.
Impact: If a malicious actor gets hold of a user's credentials, they can gain access to sensitive internal assets.
Mitigation: Validate with the relevant user that they were the one who performed the connection request. If needed, temporarily block the user and investigate further according to company policies.
MITRE Tactic: TA0001
MITRE Technique: T1133
Perimeter 81 WireGuard - New gateway IP detected
This alert detects when a new gateway IP gets observed.
Impact: In case of migration to a new IP the reachability for some users might be affected.
Mitigation: Verify with the user who initiated the action that it was legitimate, if not, revert the changes and investigate further as needed.
MITRE Tactic: TA0003
MITRE Technique: T1098
MITRE Sub_Technique: 005
Perimeter 81 WireGuard - New gateway DNS
This alert detects when a new gateway DNS gets observed.
Impact: If a new DNS name was assigned to a gateway, it might affect the reachability of the gateway for some users.
Mitigation: Validate the reason for the new DNS. If needed, investigate further according to company policies. If needed, remove the new DNS name.
MITRE Tactic: TA0003
MITRE Technique: T1098
MITRE Sub_Technique: 005
Perimeter 81 WireGuard - User connection attempt from multiple countries
User authentication from multiple countries over a short period of time was observed. This kind of activity can have a few causes: the user is traveling for work, or the user was compromised by a malicious actor.
Impact: If a user's computer was compromised, a malicious actor can gain access to internal assets.
Mitigation: Verify with the user who initiated the action that it was legitimate. If not, revert the changes and investigate further as needed.
MITRE Tactic: TA0001
MITRE Technique: T1133
Integration
Learn more about Coralogix's out-of-the-box integration with Perimeter 81 in our documentation.