AWS CloudTrail Log Created
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Tactic: Collection

AWS CloudTrail Log Deleted
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Defense Evasion

AWS CloudTrail Log Suspended
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Defense Evasion

AWS CloudTrail Log Updated
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Impact

AWS CloudWatch Alarm Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Resources: Investigation Guide
Tactic: Defense Evasion

AWS CloudWatch Log Group Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Impact

AWS CloudWatch Log Stream Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Tactic: Impact
Resources: Investigation Guide

AWS Config Resource Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Resources: Investigation Guide
Tactic: Defense Evasion

AWS Configuration Recorder Stopped
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Defense Evasion

AWS Deletion of RDS Instance or Cluster
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Impact

AWS EC2 Encryption Disabled
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact

AWS EC2 Full Network Packet Capture Detected
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Exfiltration
Tactic: Collection

AWS EC2 Network Access Control List Creation
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Persistence

AWS EC2 Network Access Control List Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Defense Evasion

AWS EC2 Snapshot Activity
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Exfiltration
Resources: Investigation Guide

AWS EC2 VM Export Failure
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Exfiltration
Tactic: Collection

AWS EFS File System or Mount Deleted
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact

AWS ElastiCache Security Group Created
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Defense Evasion

AWS ElastiCache Security Group Modified or Deleted
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Defense Evasion

AWS EventBridge Rule Disabled or Deleted
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact

AWS Execution via System Manager
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Tactic: Initial Access
Resources: Investigation Guide

AWS GuardDuty Detector Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Defense Evasion

AWS IAM Assume Role Policy Update
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Privilege Escalation

AWS IAM Brute Force of Assume Role Policy
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Credential Access

AWS IAM Deactivation of MFA Device
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Resources: Investigation Guide
Tactic: Impact

AWS IAM Group Creation
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Persistence

AWS IAM Group Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact

AWS IAM Password Recovery Requested
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Initial Access

AWS IAM User Addition to Group
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Credential Access
Tactic: Persistence
Resources: Investigation Guide

AWS KMS Customer Managed Key Disabled or Scheduled for Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Tactic: Impact

AWS Management Console Brute Force of Root User Identity
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Credential Access

AWS Management Console Root Login
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Initial Access

AWS RDS Cluster Creation
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Persistence

AWS RDS Instance Creation
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Persistence

AWS RDS Instance/Cluster Stoppage
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Impact

AWS RDS Security Group Creation
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Persistence

AWS RDS Security Group Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact

AWS RDS Snapshot Export
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Exfiltration

AWS RDS Snapshot Restored
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Defense Evasion

AWS Redshift Cluster Creation
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Persistence

AWS Root Login Without MFA
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Privilege Escalation

AWS Route 53 Domain Transfer Lock Disabled
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Persistence

AWS Route 53 Domain Transferred to Another Account
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Persistence

AWS Route Table Created
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Persistence

AWS Route Table Modified or Deleted
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Persistence

AWS Route53 private hosted zone associated with a VPC
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Persistence

AWS S3 Bucket Configuration Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Defense Evasion

AWS SAML Activity
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Defense Evasion

AWS Security Group Configuration Change Detection
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Persistence

AWS Security Token Service (STS) AssumeRole Usage
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Privilege Escalation

AWS STS GetSessionToken Abuse
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Privilege Escalation

AWS VPC Flow Logs Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Defense Evasion

AWS WAF Access Control List Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Defense Evasion

AWS WAF Rule or Rule Group Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Defense Evasion

First Time Seen AWS Secret Value Accessed in Secrets Manager
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Credential Access
Resources: Investigation Guide

Rare AWS Error Code
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Rule Type: ML
Rule Type: Machine Learning
Resources: Investigation Guide

Spike in AWS Error Messages
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Rule Type: ML
Rule Type: Machine Learning
Resources: Investigation Guide

Unusual AWS Command for a User
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Rule Type: ML
Rule Type: Machine Learning
Resources: Investigation Guide

Unusual City For an AWS Command
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Rule Type: ML
Rule Type: Machine Learning
Resources: Investigation Guide

Unusual Country For an AWS Command
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Rule Type: ML
Rule Type: Machine Learning
Resources: Investigation Guide