Data Source: AWS WAF

AWS WAF Access Control List Deletion

Dec 18, 2025 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS WAF Use Case: Network Security Monitoring Tactic: Defense Evasion Resources: Investigation Guide ·
Share on:

Identifies the deletion of an AWS Web Application Firewall (WAF) Web ACL. Web ACLs are the core enforcement objects in AWS WAF, defining which traffic is inspected, allowed, or blocked for protected applications. Deleting a Web ACL removes all associated rules, protections, and logging configurations. Adversaries who obtain sufficient privileges may delete a Web ACL to disable critical security controls, evade detection, or prepare for downstream attacks such as web-application compromise, data theft, or resource abuse. Because Web ACLs are rarely deleted outside of controlled maintenance or infrastructure updates, unexpected deletions may indicate potential defense evasion.

Read More
AWS WAF Rule or Rule Group Deletion

Dec 18, 2025 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS WAF Use Case: Network Security Monitoring Tactic: Defense Evasion Resources: Investigation Guide ·
Share on:

Identifies the deletion of an AWS Web Application Firewall (WAF) rule or rule group. WAF rules and rule groups enforce critical protections for web applications by filtering malicious HTTP requests, blocking known attack patterns, and enforcing access controls. Deleting these rules—even briefly—can expose applications to SQL injection, cross-site scripting, credential-stuffing bots, or targeted exploitation. Adversaries who have gained sufficient permissions may remove WAF protections as part of a broader defense evasion or impact strategy, often preceding data theft or direct application compromise.

Read More

AWS WAF Access Control List Deletion

AWS WAF Rule or Rule Group Deletion