Tag
high
advisory
AWS Network ACL Deletion Detected
2 rules
Detection of AWS Network Access Control List (ACL) deletion via CloudTrail logs indicating potential unauthorized access or data exfiltration.
AWS CloudTrail +3
cloud
aws
network-acl
privilege-escalation
high
advisory
AWS Network ACL Created with All Ports Open
2 rules
The analytic detects the creation or replacement of AWS Network Access Control Lists (ACLs) with rules that allow all traffic from a specified CIDR block, potentially exposing the network to unauthorized access and increasing the risk of data breaches.
CloudTrail +5
aws
network-acl
misconfiguration
cloud
security-group
high
advisory
AWS Network Access Control List Created with All Open Ports
2 rules
The analytic detects the creation of AWS Network Access Control Lists (ACLs) with all ports open to a specified CIDR by monitoring `CreateNetworkAclEntry` or `ReplaceNetworkAclEntry` actions with rules allowing all traffic, potentially leading to unauthorized network access.
Splunk Enterprise +3
cloud
aws
network-acl
misconfiguration