Product
high
advisory
AWS GuardDuty Detector Deletion or Disablement
3 rules
Attackers may delete or disable AWS GuardDuty detectors to impair defenses and evade detection of malicious activities within the AWS environment.
GuardDuty
defense-impairment
aws
cloudtrail
high
advisory
AWS Security Services Impairment via Deletion of Resources
2 rules 1 TTP
Detection of adversaries attempting to impair or disable AWS security services by deleting resources across GuardDuty, AWS WAF, CloudWatch, Route 53, and CloudWatch Logs to evade detection and remove visibility.
CloudWatch +5
aws
cloudtrail
defense-evasion
cloud
high
advisory
AWS Security Services Configuration Deletion
2 rules 1 TTP
Detection of deletion of critical AWS Security Services configurations like CloudWatch alarms, GuardDuty detectors, and Web Application Firewall rules to evade detection, potentially leading to data breaches and unauthorized access.
CloudWatch +5
aws
cloudtrail
defense-evasion
security-service