Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
10 Minutes |
Deduplication Period |
5 Days |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A cloud identity attempted to discover available resources within the cloud environment.
This may indicate an adversary attempting to map the organization's cloud environment and discover cloud resources that may assist to perform additional attacks within the environment.
Attacker's Goals
Map the cloud environment and detect potential resources to abuse.
Investigative actions
- Check the identity's role designation in the organization.
- Identify which available resources were discovered.
- Investigate if the discovered resources were used to extract sensitive information or perform other attacks in the cloud environment.