high
advisory
AWS CloudTrail Logging Stopped for Defense Evasion
2 rules, 1 TTP, 1 IOC
Detection of AWS CloudTrail `StopLogging` events indicating potential defense evasion by adversaries attempting to operate undetected within a compromised AWS environment by halting the logging of their malicious activities.
CloudTrail +4
aws
defense-evasion
cloud
high
advisory
AWS Network ACL Created with All Ports Open
2 rules
The analytic detects the creation or replacement of AWS Network Access Control Lists (ACLs) with rules that allow all traffic from a specified CIDR block, potentially exposing the network to unauthorized access and increasing the risk of data breaches.
CloudTrail +5
aws
network-acl
misconfiguration
cloud
security-group
high
threat
AWS S3 Bucket Lifecycle Rule for Rapid Log Deletion
2 rules, 1 TTP
An attacker modifies an AWS S3 bucket lifecycle policy to rapidly expire CloudTrail logs, hindering incident response and forensic analysis.
exploited
CloudTrail +4
aws
defense_evasion
s3