Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
An AWS network ACL rule was deleted.
Attacker's Goals
If the deleted rule is an ingress rule, this action may help an attacker gain persistence in the cloud environment.
If it is an egress rule, this may allow an attacker to exfiltrate data.
Investigative actions
- Check which VPC is affected and the resources it contains.
- Check the rule number, since rules take effect in order.
- Check whether the rule is ingress or egress.
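The investigative checks above can be scripted against CloudTrail records. The following is an added example, not the detector's own logic: it assumes the CloudTrail record layout for the EC2 `DeleteNetworkAclEntry` call (`networkAclId`, `ruleNumber`, `egress` under `requestParameters`), uses constructed sample events, and groups deletions by a hypothetical key of actor, ACL and direction within the 1-day deduplication period.

```python
from datetime import datetime, timedelta

DEDUP_WINDOW = timedelta(days=1)  # the page's deduplication period


def _event(time, name, actor, acl, rule, egress, error=None):
    """Build a constructed CloudTrail-style record (not real account data)."""
    rec = {"eventTime": time, "eventSource": "ec2.amazonaws.com", "eventName": name,
           "userIdentity": {"arn": actor},
           "requestParameters": {"networkAclId": acl, "ruleNumber": rule, "egress": egress}}
    if error:
        rec["errorCode"] = error
    return rec


ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed identity
SAMPLE_EVENTS = [
    _event("2024-05-01T10:00:00Z", "DeleteNetworkAclEntry", ALICE, "acl-0example1", 100, False),
    _event("2024-05-01T10:05:00Z", "DeleteNetworkAclEntry", ALICE, "acl-0example1", 110, False),
    _event("2024-05-01T10:06:00Z", "DeleteNetworkAclEntry", ALICE, "acl-0example1", 200, True),
    _event("2024-05-01T10:07:00Z", "CreateNetworkAclEntry", ALICE, "acl-0example1", 300, False),
    _event("2024-05-01T10:08:00Z", "DeleteNetworkAclEntry", ALICE, "acl-0example1", 120, False,
           error="Client.UnauthorizedOperation"),
    _event("2024-05-03T09:00:00Z", "DeleteNetworkAclEntry", ALICE, "acl-0example1", 130, False),
]


def triage(records):
    """Group successful rule deletions per (actor, ACL, direction) within the dedup window."""
    findings, current = [], {}
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        if rec.get("eventName") != "DeleteNetworkAclEntry" or "errorCode" in rec:
            continue  # other API call, or a failed call that deleted nothing
        params = rec.get("requestParameters") or {}
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        direction = "egress" if params.get("egress") else "ingress"
        key = (rec["userIdentity"]["arn"], params.get("networkAclId"), direction)
        open_finding = current.get(key)
        if open_finding and when - open_finding["first_seen"] < DEDUP_WINDOW:
            open_finding["rule_numbers"].append(params.get("ruleNumber"))
            continue  # same actor, ACL and direction within a day: extend the finding
        current[key] = {"actor": key[0], "acl": key[1], "direction": direction,
                        "first_seen": when, "rule_numbers": [params.get("ruleNumber")]}
        findings.append(current[key])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["first_seen"], f["acl"], f["direction"], "rules:", f["rule_numbers"])
```

The record carries only the network ACL ID, so identifying the affected VPC and its resources still requires looking the ACL up in the account.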