Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
5 Days |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
An AWS EKS cluster has been created or deleted.
Attacker's Goals
Gain access to the cluster and its resources.
Gain access to sensitive data stored in the cluster.
Investigative actions
Check whether the identity is authorized to perform changes to AWS EKS clusters.