open-menu
closeme
AWS EC2 Instance Connect SSH Public Key Uploaded
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS EC2
Use Case: Identity and Access Audit
Tactic: Privilege Escalation
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Roles Anywhere Profile Creation
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS IAM
Use Case: Identity and Access Audit
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Roles Anywhere Trust Anchor Created with External CA
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS IAM
Use Case: Identity and Access Audit
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS Lambda Function Policy Updated to Allow Public Invocation
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Lambda
Use Case: Threat Detection
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS Lambda Layer Added to Existing Function
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Lambda
Use Case: Threat Detection
Tactic: Execution
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Bucket Expiration Lifecycle Configuration Added
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: Amazon S3
Use Case: Asset Visibility
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Bucket Policy Added to Share with External Account
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS S3
Use Case: Threat Detection
Tactic: Exfiltration
·
Share on:
twitter
facebook
linkedin
copy
AWS Security Token Service (STS) AssumeRole Usage
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS STS
Use Case: Identity and Access Audit
Tactic: Privilege Escalation
·
Share on:
twitter
facebook
linkedin
copy
AWS Systems Manager SecureString Parameter Request with Decryption Flag
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Systems Manager
Tactic: Credential Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
First Time Seen AWS Secret Value Accessed in Secrets Manager
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Secrets Manager
Tactic: Credential Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Insecure AWS EC2 VPC Security Group Ingress Rule Added
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS EC2
Use Case: Threat Detection
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Rapid Secret Retrieval Attempts from AWS SecretsManager
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Secrets Manager
Tactic: Credential Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
SSM Session Started to EC2 Instance
calendar
Jul 24, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS SSM
Use Case: Threat Detection
Tactic: Lateral Movement
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Bucket Replicated to Another Account
calendar
Jul 19, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS S3
Resources: Investigation Guide
Use Case: Threat Detection
Tactic: Exfiltration
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Object Versioning Suspended
calendar
Jul 19, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS S3
Use Case: Threat Detection
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Bucket Server Access Logging Disabled
calendar
Jul 18, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: Amazon S3
Use Case: Asset Visibility
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM User Created Access Keys For Another User
calendar
Jul 11, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS IAM
Use Case: Identity and Access Audit
Tactic: Privilege Escalation
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS DB Instance Made Public
calendar
Jul 11, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Resources: Investigation Guide
Use Case: Threat Detection
Tactic: Persistence
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS DB Instance or Cluster Deletion Protection Disabled
calendar
Jul 11, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Resources: Investigation Guide
Use Case: Threat Detection
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS DB Instance or Cluster Password Modified
calendar
Jul 11, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Resources: Investigation Guide
Use Case: Threat Detection
Tactic: Persistence
Tactic: Privilege Escalation
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS DB Snapshot Shared with Another Account
calendar
Jul 11, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Resources: Investigation Guide
Use Case: Threat Detection
Tactic: Exfiltration
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS Snapshot Deleted
calendar
Jul 11, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Use Case: Asset Visibility
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Bucket Enumeration or Brute Force
calendar
Jul 11, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS S3
Resources: Investigation Guide
Use Case: Log Auditing
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM AdministratorAccess Policy Attached to Group
calendar
Jul 11, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS IAM
Use Case: Identity and Access Audit
Tactic: Privilege Escalation
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM AdministratorAccess Policy Attached to Role
calendar
Jul 11, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS IAM
Use Case: Identity and Access Audit
Tactic: Privilege Escalation
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM AdministratorAccess Policy Attached to User
calendar
Jul 11, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS IAM
Use Case: Identity and Access Audit
Tactic: Privilege Escalation
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Object Encryption Using External KMS Key
calendar
Jul 5, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS S3
Data Source: AWS KMS
Use Case: Threat Detection
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
Potential AWS S3 Bucket Ransomware Note Uploaded
calendar
Jul 2, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS S3
Use Case: Threat Detection
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS DB Instance Restored
calendar
Jun 29, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Use Case: Asset Visibility
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Rare AWS Error Code
calendar
Jun 19, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Rule Type: ML
Rule Type: Machine Learning
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Spike in AWS Error Messages
calendar
Jun 19, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Rule Type: ML
Rule Type: Machine Learning
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Unusual AWS Command for a User
calendar
Jun 19, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Rule Type: ML
Rule Type: Machine Learning
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Unusual City For an AWS Command
calendar
Jun 19, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Rule Type: ML
Rule Type: Machine Learning
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Unusual Country For an AWS Command
calendar
Jun 19, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Rule Type: ML
Rule Type: Machine Learning
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 EBS Snapshot Shared with Another Account
calendar
Jun 2, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS EC2
Use Case: Threat Detection
Tactic: Exfiltration
·
Share on:
twitter
facebook
linkedin
copy
AWS STS GetCallerIdentity API Called for the First Time
calendar
May 31, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS STS
Use Case: Identity and Access Audit
Tactic: Discovery
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS CloudTrail Log Created
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
AWS CloudTrail Log Deleted
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS CloudTrail Log Suspended
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS CloudTrail Log Updated
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Cloudtrail
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS CloudWatch Alarm Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Resources: Investigation Guide
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS CloudWatch Log Group Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS CloudWatch
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS CloudWatch Log Stream Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS CloudWatch
Use Case: Log Auditing
Tactic: Impact
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS Config Resource Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Resources: Investigation Guide
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS Configuration Recorder Stopped
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS Deletion of RDS Instance or Cluster
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Use Case: Asset Visibility
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Admin Credential Fetch via Assumed Role
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: Amazon EC2
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Encryption Disabled
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS EC2
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Full Network Packet Capture Detected
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Exfiltration
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Network Access Control List Creation
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS EC2
Use Case: Network Security Monitoring
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Network Access Control List Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Snapshot Activity
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Exfiltration
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 VM Export Failure
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Exfiltration
Tactic: Collection
·
Share on:
twitter
facebook
linkedin
copy
AWS EFS File System or Mount Deleted
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS ElastiCache Security Group Created
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS ElastiCache Security Group Modified or Deleted
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS EventBridge Rule Disabled or Deleted
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS Execution via System Manager
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS SSM
Use Case: Log Auditing
Tactic: Initial Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS GuardDuty Detector Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Assume Role Policy Update
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS STS
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Privilege Escalation
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Brute Force of Assume Role Policy
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Deactivation of MFA Device
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS IAM
Resources: Investigation Guide
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Group Creation
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS IAM
Use Case: Identity and Access Audit
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Group Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS IAM
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Password Recovery Requested
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Signin
Use Case: Identity and Access Audit
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM User Addition to Group
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Credential Access
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS KMS Customer Managed Key Disabled or Scheduled for Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS KMS
Use Case: Log Auditing
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS Management Console Brute Force of Root User Identity
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
AWS Management Console Root Login
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Signin
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Initial Access
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS Cluster Creation
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Use Case: Asset Visibility
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS Instance Creation
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Use Case: Asset Visibility
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS Instance/Cluster Stoppage
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Use Case: Asset Visibility
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS Security Group Creation
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS Security Group Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Tactic: Impact
·
Share on:
twitter
facebook
linkedin
copy
AWS RDS Snapshot Export
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Exfiltration
·
Share on:
twitter
facebook
linkedin
copy
AWS Redshift Cluster Creation
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Redshift
Use Case: Asset Visibility
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS Root Login Without MFA
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Route53
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Privilege Escalation
·
Share on:
twitter
facebook
linkedin
copy
AWS Route 53 Domain Transfer Lock Disabled
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Route53
Use Case: Asset Visibility
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS Route 53 Domain Transferred to Another Account
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Route53
Use Case: Asset Visibility
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS Route Table Created
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Route53
Use Case: Network Security Monitoring
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS Route Table Modified or Deleted
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Route53
Use Case: Network Security Monitoring
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS Route53 private hosted zone associated with a VPC
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS Route53
Use Case: Asset Visibility
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Bucket Configuration Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS SAML Activity
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS Security Group Configuration Change Detection
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS EC2
Use Case: Network Security Monitoring
Tactic: Persistence
·
Share on:
twitter
facebook
linkedin
copy
AWS STS GetSessionToken Abuse
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS STS
Use Case: Identity and Access Audit
Tactic: Privilege Escalation
·
Share on:
twitter
facebook
linkedin
copy
AWS VPC Flow Logs Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS WAF Access Control List Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
AWS WAF Rule or Rule Group Deletion
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
EC2 AMI Shared with Another Account
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS EC2
Use Case: Threat Detection
Tactic: Exfiltration
·
Share on:
twitter
facebook
linkedin
copy
Route53 Resolver Query Log Configuration Deleted
calendar
May 22, 2024
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: Amazon Route53
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Defense Evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Abuse of Resources by High Token Count and Large Response Sizes
calendar
May 4, 2024
·
Domain: LLM
Data Source: AWS Bedrock
Data Source: Amazon Web Services
Data Source: AWS S3
Use Case: Potential Overload
Use Case: Resource Exhaustion
Mitre Atlas: LLM04
·
Share on:
twitter
facebook
linkedin
copy
to-top