Product
Suspicious AWS ECR Container Upload by Unknown User
2 rules 1 TTPThis alert detects a container image upload to an AWS Elastic Container Registry (ECR) repository by a user that is not typically associated with such actions, potentially indicating account compromise or insider threat activity.
AWS ECR Container Upload Outside Business Hours
2 rules 1 TTPThis analytic detects the upload of a new container image to AWS Elastic Container Registry (ECR) outside of standard business hours, indicating potential unauthorized activity and leveraging AWS CloudTrail logs to identify `PutImage` events during non-business hours.
AWS ECR Container Scanning Reveals Low Severity Vulnerabilities
2 rules 1 TTP 1 CVEThis analytic identifies low, informational, or unknown severity findings from AWS Elastic Container Registry (ECR) image scans using AWS CloudTrail logs, indicating potential vulnerabilities or misconfigurations in container images that could lead to unauthorized access or data breaches.
AWS ECR Container Scanning Reveals Medium Severity Vulnerabilities
2 rules 1 TTP 1 CVEAWS Elastic Container Registry (ECR) image scans reveal medium-severity vulnerabilities, potentially leading to unauthorized access and data breaches if exploited within containerized applications.
AWS ECR Container Scanning Findings Placeholder
2 rules 3 TTPsThis is a placeholder brief due to the provided text being a GitHub navigation page, indicating no specific threat or attack details are available, and therefore serves as a template for future threat intelligence extraction related to AWS ECR container scanning.