EC2 instance Amazon machine image was created

Cortex XSIAM Analytics Alert Reference by Alert name

Product: Cortex XSIAM
Last date published: 2026-01-27
Category: Analytics Alert Reference
Index by: Alert name

Synopsis

Activation Period: 14 Days

Training Period: 30 Days

Test Period: N/A (single event)

Deduplication Period: 1 Day

Required Data:

  • Requires:
    • AWS Audit Log

Detection Modules: Cloud

Detector Tags:

ATT&CK Tactic: Exfiltration (TA0010)

ATT&CK Technique: Transfer Data to Cloud Account (T1537)

Severity: Informational

Description

An Amazon Machine Image (AMI) was created from an Elastic Compute Cloud (EC2) instance.

Attacker's Goals

Creating an Amazon Machine Image might be part of an EC2 instance exfiltration chain.

Investigative actions

  • Check if {identity_name} is authorized to create Amazon Machine Images.
  • Check whether the {cloud_aws_instance_id} instance contained any sensitive data.