Cloud Security

| Name | Technique | Tactic |
| --- | --- | --- |
| AWS Cross Account Activity | Use Alternate Authentication Material | Defense Evasion |
| AWS IAM Privilege Escalation | Cloud Account, Create Account | Persistence |
| AWS Network ACL Activity | Disable or Modify Cloud Firewall, Impair Defenses | Defense Evasion |
| AWS Security Hub Alerts | None | None |
| AWS User Monitoring | Cloud Service Discovery | Discovery |
| Cloud Cryptomining | Unused/Unsupported Cloud Regions | Defense Evasion |
| Cloud Federated Credential Abuse | Image File Execution Options Injection, Event Triggered Execution | Privilege Escalation |
| Container Implantation Monitoring and Investigation | Implant Internal Image | Persistence |
| Dev Sec Ops | Cloud Service Discovery | Discovery |
| GCP Cross Account Activity | Valid Accounts | Defense Evasion |
| Kubernetes Scanning Activity | Cloud Service Discovery | Discovery |
| Kubernetes Sensitive Object Access Activity | None | None |
| Office 365 Detections | Email Forwarding Rule, Email Collection | Collection |
| Suspicious AWS Login Activities | Unused/Unsupported Cloud Regions | Defense Evasion |
| Suspicious AWS S3 Activities | Data from Cloud Storage Object | Collection |
| Suspicious AWS Traffic | None | None |
| Suspicious Cloud Authentication Activities | Unused/Unsupported Cloud Regions | Defense Evasion |
| Suspicious Cloud Instance Activities | Transfer Data to Cloud Account | Exfiltration |
| Suspicious Cloud Provisioning Activities | Valid Accounts | Defense Evasion |
| Suspicious Cloud User Activities | Valid Accounts | Defense Evasion |
| Suspicious GCP Storage Activities | Data from Cloud Storage Object | Collection |