Suspicious activity found in logs

firetail:insight-suspicious-in-logs

Type: Detection

Rule Severity: Info

Indicators of suspicious activity were found in the logs of the affected API.

Detecting suspicious activity is crucial for maintaining the security and integrity of your API:

  • Data Breaches: Unauthorized access can lead to data breaches, exposing sensitive information.
  • Service Disruption: Malicious activities can disrupt the availability and functionality of your API.
  • Reputation Damage: Security incidents can harm reputation and erode trust.
  • Financial Loss: Data breaches and service disruptions can result in significant financial losses due to remediation costs, legal liabilities, and lost business.

Remediation

Review the logs in question and verify that any attempted attack was unsuccessful.

Example Attack Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications