Cloud Security

| Name | Technique | Tactic |
| --- | --- | --- |
| AWS Cross Account Activity | Use Alternate Authentication Material | Defense Evasion |
| AWS Defense Evasion | Impair Defenses, Disable Cloud Logs | Defense Evasion |
| AWS IAM Privilege Escalation | Cloud Account, Create Account | Persistence |
| AWS Identity and Access Management Account Takeover | Compromise Accounts, Cloud Accounts, Unused/Unsupported Cloud Regions | Resource Development |
| AWS Network ACL Activity | Disable or Modify Cloud Firewall | Defense Evasion |
| AWS Security Hub Alerts | None | None |
| AWS User Monitoring | Cloud Accounts | Defense Evasion |
| Azure Active Directory Account Takeover | Compromise Accounts, Cloud Accounts, Brute Force, Password Spraying | Resource Development |
| Azure Active Directory Persistence | Valid Accounts, Cloud Accounts | Defense Evasion |
| Azure Active Directory Privilege Escalation | Account Manipulation | Persistence |
| Cloud Cryptomining | Unused/Unsupported Cloud Regions | Defense Evasion |
| Cloud Federated Credential Abuse | Image File Execution Options Injection, Event Triggered Execution | Privilege Escalation |
| Dev Sec Ops | Cloud Service Discovery | Discovery |
| GCP Cross Account Activity | Valid Accounts | Defense Evasion |
| Kubernetes Scanning Activity | Cloud Service Discovery | Discovery |
| Kubernetes Sensitive Object Access Activity | None | None |
| Office 365 Detections | Email Forwarding Rule, Email Collection | Collection |
| Suspicious AWS Login Activities | Cloud Accounts | Defense Evasion |
| Suspicious AWS S3 Activities | Data from Cloud Storage | Collection |
| Suspicious AWS Traffic | None | None |
| Suspicious Cloud Authentication Activities | Compromise Accounts, Cloud Accounts, Unused/Unsupported Cloud Regions | Resource Development |
| Suspicious Cloud Instance Activities | Cloud Accounts, Valid Accounts | Defense Evasion |
| Suspicious Cloud Provisioning Activities | Valid Accounts | Defense Evasion |
| Suspicious Cloud User Activities | Valid Accounts | Defense Evasion |
| Suspicious GCP Storage Activities | Data from Cloud Storage | Collection |