Malicious Activity Detected - Threat Intel


CUIT reviews all AWS actions recorded in CloudTrail and identifies which of these events contain an IP address. When an IP address is present, we can cross-reference the connection's source or destination against known bad entities.
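The following Python example is an added illustration of this kind of cross-reference, not CUIT's own detection code. The threat list, the sample CloudTrail records and the function names are constructed for the example; `Records`, `sourceIPAddress`, `eventSource` and `eventName` are standard CloudTrail fields.

```python
import ipaddress
import json
from collections import Counter

# Constructed threat-intel list (documentation address ranges, not real indicators).
BAD_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed CloudTrail records; only the fields used here are included.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.45"},
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com", "sourceIPAddress": "198.51.100.7"},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com", "sourceIPAddress": "192.0.2.10"},
    {"eventName": "Decrypt", "eventSource": "kms.amazonaws.com", "sourceIPAddress": "lambda.amazonaws.com"},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com", "sourceIPAddress": "203.0.113.45"},
    {"eventName": "AssumeRole", "eventSource": "sts.amazonaws.com"},
]})


def extract_ip(record):
    """Return the record's source as an ip_address object, or None.

    CloudTrail sets sourceIPAddress to a service DNS name (for example
    "lambda.amazonaws.com") when an AWS service made the call, so the
    field cannot be assumed to hold an IP address.
    """
    try:
        return ipaddress.ip_address(record.get("sourceIPAddress", ""))
    except ValueError:
        return None


def match_threat_intel(log_text, bad_networks=BAD_NETWORKS):
    """Return (hits, counts): matching events and a per-IP hit counter."""
    hits, counts = [], Counter()
    for record in json.loads(log_text).get("Records", []):
        ip = extract_ip(record)
        if ip is None:
            continue  # service-originated or missing source: nothing to look up
        if any(ip.version == net.version and ip in net for net in bad_networks):
            hits.append((str(ip), record.get("eventSource"), record.get("eventName")))
            counts[str(ip)] += 1
    return hits, counts


if __name__ == "__main__":
    hits, counts = match_threat_intel(SAMPLE_LOG)
    for ip, source, name in hits:
        print(f"threat-intel match: {ip} {source} {name}")
    print("hits per IP:", dict(counts))
```

The per-IP counter is what a spike check would be built on: a sudden rise in hits for one address or range is the signal to review the security groups in front of the affected resource.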

In some scenarios a bad IP is hard to avoid, for example a website that must be open to the world. In other situations with more restrictive access, controls can be put in place to prevent unwanted connections. A high count of threats can point to the need for security groups, which are the rules that determine who can connect and with what protocol.

In the event of a spike in malicious activity, reviewing these security groups so that they deny all traffic except what is explicitly allowed can easily combat attackers. More information on security groups and how to change them can be found here:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
