Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | 1 Hour
Deduplication Period | 1 Day
Required Data |
Detection Modules | Cloud
Detector Tags | Cloud Data Asset Exfiltration, Data Detection & Response
ATT&CK Tactic |
ATT&CK Technique |
Severity | Low
Description
An identity attempts to exfiltrate data from a cloud database, as indicated by multiple signals.
Attacker's Goals
Exfiltrate data from the cloud environment.
Investigative actions
Check the identity that invoked the operation.
Variations
Data exfiltration from cloud database containing sensitive data from a production account to a foreign account
Suspicious data exfiltration from cloud database