Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 5 Days
Required Data |
Detection Modules | Cloud
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
An AWS network ACL rule was deleted.
Attacker's Goals
Deleting an ingress rule may allow an attacker to gain persistence in the cloud environment.
Deleting an egress rule may enable data exfiltration.
Investigative actions
- Identify which VPC and associated resources are affected.
- Check the rule number, as ACL rules are evaluated in order.
- Determine whether the rule is ingress or egress.
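
The three investigative actions above can be worked through with a small triage helper. This is an added example, not code from the product or vendor. It assumes the alert maps to a CloudTrail record for the EC2 `DeleteNetworkAclEntry` call and that `DescribeNetworkAcls` output was captured after the deletion; the event, ACL inventory and all IDs are constructed sample data, and `triage` is a hypothetical name.

```python
import json

# Constructed CloudTrail record for the EC2 DeleteNetworkAclEntry API call.
EVENT = json.loads("""{
  "eventName": "DeleteNetworkAclEntry",
  "eventTime": "2024-01-01T12:00:00Z",
  "awsRegion": "us-east-1",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
  "requestParameters": {"networkAclId": "acl-0example", "ruleNumber": 100, "egress": false}
}""")

# Constructed DescribeNetworkAcls output, captured after the deletion.
ACLS = json.loads("""{"NetworkAcls": [{
  "NetworkAclId": "acl-0example", "VpcId": "vpc-0example",
  "Associations": [{"SubnetId": "subnet-0a"}, {"SubnetId": "subnet-0b"}],
  "Entries": [
    {"RuleNumber": 32767, "Egress": false, "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 200, "Egress": false, "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": true, "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"}
  ]}]}""")


def triage(event, acls):
    """Summarise a deleted NACL rule: affected VPC/subnets, direction, and
    the remaining same-direction rules in evaluation order."""
    if event.get("eventName") != "DeleteNetworkAclEntry":
        raise ValueError("not a network ACL rule deletion")
    params = event["requestParameters"]
    egress = bool(params["egress"])
    acl = next((a for a in acls["NetworkAcls"]
                if a["NetworkAclId"] == params["networkAclId"]), None)
    remaining = sorted(
        (e for e in (acl or {}).get("Entries", []) if e["Egress"] == egress),
        key=lambda e: e["RuleNumber"])
    return {
        "actor": event.get("userIdentity", {}).get("arn"),
        "acl_id": params["networkAclId"],
        "vpc_id": acl["VpcId"] if acl else None,  # None: ACL not in inventory
        "subnets": [s["SubnetId"] for s in (acl or {}).get("Associations", [])],
        "direction": "egress" if egress else "ingress",
        "deleted_rule": int(params["ruleNumber"]),
        # Lowest rule number is evaluated first; the first match decides.
        "now_evaluated": [(e["RuleNumber"], e["RuleAction"], e.get("CidrBlock"))
                          for e in remaining],
    }


if __name__ == "__main__":
    print(json.dumps(triage(EVENT, ACLS), indent=2))
```

In the sample, ingress rule 100 is gone, so ingress traffic to both subnets is now decided by rule 200 before the default deny at 32767.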