Product
medium
advisory
Suspicious AWS EC2 Key Pair Import Activity
2 rules, 1 TTP
The import of SSH key pairs into AWS EC2, as detected by CloudTrail logs, may indicate unauthorized access attempts, persistence establishment, or privilege escalation by an attacker.
Elastic Compute Cloud
aws
cloudtrail
ec2
keypair
initial-access
persistence
privilege-escalation
high
advisory
AWS VPC Flow Logs Deletion for Defense Evasion
2 rules, 1 TTP
An adversary may delete VPC Flow Logs in AWS EC2 by calling the DeleteFlowLogs API to evade detection and hinder forensic investigations.
Elastic Compute Cloud
cloud
aws
defense-evasion
vpc
flow-logs