Product
Unauthorized AWS ECR Container Upload by Unknown User
2 rules 1 TTPThe analytic detects unauthorized container uploads to AWS Elastic Container Service (ECR) by monitoring AWS CloudTrail events and identifying instances where a new container is uploaded by a user not previously recognized as authorized, potentially indicating a compromise or misuse of AWS ECR.
AWS ECR Container Upload Anomaly Outside Business Hours
2 rules 1 TTPThis detection identifies uploads of new containers to AWS Elastic Container Registry (ECR) outside of standard business hours, potentially indicating unauthorized access or malicious deployments.
Suspicious AWS ECR Container Upload Outside Business Hours
2 rules 1 TTPAn AWS Elastic Container Registry (ECR) container image upload occurring outside of normal business hours can indicate suspicious or malicious activity, such as an attacker attempting to deploy compromised containers.
AWS ECR Container Upload by Unknown User
2 rules 1 TTPAn unauthorized user uploaded a new container image to AWS Elastic Container Registry (ECR), potentially leading to the deployment of malicious containers and further compromise of the AWS environment.