Compute activity in dormant cloud region

Cortex XSIAM Analytics Alert Reference by Alert name

Product

Cortex XSIAM

Last date published

2026-03-15

Activation Period	14 Days
Training Period	30 Days
Test Period	N/A (single event)
Deduplication Period	5 Days
Required Data	Requires one of the following data sources: AWS Audit Log OR Azure Audit Log OR Gcp Audit Log
Detection Modules	Cloud
Detector Tags
ATT&CK Tactic	Defense Evasion (TA0005)
ATT&CK Technique	Unused/Unsupported Cloud Regions (T1535)
Severity	Informational

A compute resource was created or updated in a cloud region that has been dormant for this project.

Create compute resources in unmonitored regions to evade detection for purposes such as hijacking resources or establishing persistence.

ATT&CK Tactic	Defense Evasion (TA0005)
ATT&CK Technique	Unused/Unsupported Cloud Regions (T1535)
Severity	Informational

A compute resource was created or updated in a cloud region that has been dormant for this project.

Create compute resources in unmonitored regions to evade detection for purposes such as hijacking resources or establishing persistence.

ATT&CK Tactic	Defense Evasion (TA0005)
ATT&CK Technique	Unused/Unsupported Cloud Regions (T1535)
Severity	Medium

A compute resource was created or updated in a cloud region that has been dormant for this project.

Create compute resources in unmonitored regions to evade detection for purposes such as hijacking resources or establishing persistence.

ATT&CK Tactic	Defense Evasion (TA0005)
ATT&CK Technique	Unused/Unsupported Cloud Regions (T1535)
Severity	High

A compute resource was created or updated in a cloud region that has been dormant for this project.

Create compute resources in unmonitored regions to evade detection for purposes such as hijacking resources or establishing persistence.