Product
high
advisory
AWS Security Services Impairment via Deletion Operations
3 rules 1 TTPAttackers attempt to impair or disable AWS security services such as GuardDuty, WAF, CloudWatch, Route 53 and CloudWatch Logs by deleting detectors, rule groups, IP sets, web ACLs, logging configurations, alarms and log streams, in order to evade detection and operate undetected.
AWS GuardDuty +4
aws
cloudtrail
defense-evasion
3r
1t
high
advisory
AWS CloudWatch Log Group Deletion for Defense Evasion
2 rules 1 TTPThe deletion of AWS CloudWatch log groups, detected via CloudTrail logs, indicates a potential defense evasion attempt by adversaries aiming to remove audit trails and hinder incident response.
AWS CloudWatch
cloud
aws
defense-evasion
2r
1t