Synopsis
Activation Period | 14 Days |
Training Period | 30 Days |
Test Period | N/A (single event) |
Deduplication Period | 5 Days |
Required Data | |
Detection Modules | Cloud |
Detector Tags | |
ATT&CK Tactic | |
ATT&CK Technique | |
Severity | Informational |
Description
A network sniffing tool was used in a cloud environment.
Attacker's Goals
Adversaries may sniff network traffic to capture information about an environment, including authentication material passed over the network.
Investigative actions
- Check the targeted resources and the sniffing policy.
- Check the cloud identity's activity before and after the network sniffing.
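
One way to script the two investigative actions above over exported audit records (an added example, not part of the original page or the detector's own logic). It assumes AWS Traffic Mirroring API event names as the sniffing indicator, since the page names no provider; the records are constructed and simplified, and the `identity` and `params` field names are hypothetical.

```python
from datetime import datetime, timedelta

# Assumption: AWS Traffic Mirroring calls stand in for "network sniffing".
SNIFFING_EVENTS = {"CreateTrafficMirrorSession", "CreateTrafficMirrorTarget",
                   "CreateTrafficMirrorFilter", "CreateTrafficMirrorFilterRule"}

# Constructed, simplified audit records (not real logs).
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-10T09:58:00Z", "eventName": "ConsoleLogin", "identity": "user/dev-a"},
    {"eventTime": "2024-01-10T10:05:00Z", "eventName": "DescribeNetworkInterfaces", "identity": "user/dev-a"},
    {"eventTime": "2024-01-10T10:10:00Z", "eventName": "CreateTrafficMirrorSession", "identity": "user/dev-a",
     "params": {"NetworkInterfaceId": "eni-0example", "TrafficMirrorFilterId": "tmf-0example"}},
    {"eventTime": "2024-01-10T10:20:00Z", "eventName": "CreateTrafficMirrorSession", "identity": "user/ops-b",
     "errorCode": "Client.UnauthorizedOperation", "params": {"NetworkInterfaceId": "eni-1example"}},
    {"eventTime": "2024-01-10T10:40:00Z", "eventName": "DeleteTrafficMirrorSession", "identity": "user/dev-a"},
    {"eventTime": "2024-01-10T13:00:00Z", "eventName": "ListBuckets", "identity": "user/dev-a"},
]

def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def triage(events, window=timedelta(hours=1)):
    """For each sniffing-related event, report the targeted resource and
    mirror policy, plus the same identity's activity before and after it."""
    events = sorted(events, key=lambda e: parse_time(e["eventTime"]))
    findings = []
    for ev in events:
        if ev["eventName"] not in SNIFFING_EVENTS:
            continue
        t = parse_time(ev["eventTime"])
        same = [e for e in events if e["identity"] == ev["identity"] and e is not ev]
        findings.append({
            "event": ev["eventName"],
            "identity": ev["identity"],
            "succeeded": "errorCode" not in ev,    # a failed call still merits review
            "target": ev.get("params", {}),        # targeted resource and filter (policy)
            "before": [e["eventName"] for e in same
                       if t - window <= parse_time(e["eventTime"]) < t],
            "after": [e["eventName"] for e in same
                      if t < parse_time(e["eventTime"]) <= t + window],
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
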
Variations
- Unusual Network sniffing detected in Cloud environment
- Successful Network sniffing detected in Cloud environment