Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
An AWS network ACL rule was created with a specific rule number.
Attacker's Goals
In the case of an ingress rule, this action may help an attacker gain persistence in the cloud environment.
In the case of an egress rule, it may allow an attacker to exfiltrate data.
Investigative actions
- Check which VPC is affected by this change.
- Check the rule number (rules take effect in order of their number).
- Check whether the rule is ingress or egress.
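The three checks above can be scripted. The following is an added example, not part of the original detector documentation: it takes a CloudTrail `CreateNetworkAclEntry` record and a snapshot of the network ACL from before the change, and reports the VPC, the direction, and which existing rules the new rule now takes precedence over. The event and ACL data are constructed, the field layout is assumed from the EC2 API, and the comparison covers IPv4 address ranges only, ignoring protocol and ports.

```python
import ipaddress

# Constructed CloudTrail record (field layout assumed from the EC2 CreateNetworkAclEntry API).
EVENT = {
    "eventName": "CreateNetworkAclEntry",
    "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
    "requestParameters": {
        "networkAclId": "acl-0example",
        "ruleNumber": 50, "egress": False, "ruleAction": "allow",
        "aclProtocol": "-1", "cidrBlock": "0.0.0.0/0",
    },
}
# Constructed DescribeNetworkAcls-style snapshot taken before the change.
ACL = {
    "NetworkAclId": "acl-0example", "VpcId": "vpc-0example",
    "Entries": [
        {"RuleNumber": 100, "Egress": False, "RuleAction": "deny", "CidrBlock": "203.0.113.0/24"},
        {"RuleNumber": 200, "Egress": False, "RuleAction": "allow", "CidrBlock": "10.0.0.0/8"},
        {"RuleNumber": 100, "Egress": True, "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    ],
}

def triage(event, acl):
    """Answer the three investigative questions for one rule-creation event."""
    p = event["requestParameters"]
    if event["eventName"] != "CreateNetworkAclEntry" or p["networkAclId"] != acl["NetworkAclId"]:
        raise ValueError("event does not match this network ACL")
    new_net = ipaddress.ip_network(p["cidrBlock"])
    # Lower rule numbers are evaluated first, so the new rule wins over any
    # later same-direction rule with the opposite action on overlapping addresses.
    overridden = sorted(
        e["RuleNumber"] for e in acl["Entries"]
        if e["Egress"] == p["egress"]
        and e["RuleNumber"] > p["ruleNumber"]
        and e["RuleAction"] != p["ruleAction"]
        and ipaddress.ip_network(e["CidrBlock"]).overlaps(new_net)
    )
    return {
        "vpc": acl["VpcId"],
        "direction": "egress" if p["egress"] else "ingress",
        "rule_number": p["ruleNumber"],
        "action": p["ruleAction"],
        "open_to_any": new_net.prefixlen == 0,
        "overridden_rules": overridden,
        "actor": event["userIdentity"]["arn"],
    }

if __name__ == "__main__":
    print(triage(EVENT, ACL))
```

A non-empty `overridden_rules` list means the new entry changes the effective outcome for traffic that an existing rule used to decide, which is the case worth reviewing first.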