amazon_cognito | Amazon Cognito | protect | minimal | T1078 | Valid Accounts |
amazon_cognito | Amazon Cognito | protect | partial | T1078.004 | Cloud Accounts |
amazon_cognito | Amazon Cognito | protect | significant | T1110 | Brute Force |
amazon_cognito | Amazon Cognito | protect | significant | T1110.001 | Password Guessing |
amazon_cognito | Amazon Cognito | protect | significant | T1110.002 | Password Cracking |
amazon_cognito | Amazon Cognito | protect | significant | T1110.003 | Password Spraying |
amazon_cognito | Amazon Cognito | protect | significant | T1110.004 | Credential Stuffing |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1020 | Automated Exfiltration |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1021.008 | Direct Cloud VM Connections |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1029 | Scheduled Transfer |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1041 | Exfiltration Over C2 Channel |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1046 | Network Service Scanning |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1048 | Exfiltration Over Alternative Protocol |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1059.009 | Cloud API |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1071 | Application Layer Protocol |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1071.001 | Web Protocols |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1071.002 | File Transfer Protocols |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1071.003 | Mail Protocols |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1071.004 | DNS |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1078 | Valid Accounts |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1078.001 | Default Accounts |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1078.004 | Cloud Accounts |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1090 | Proxy |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1090.001 | Internal Proxy |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1090.002 | External Proxy |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1090.003 | Multi-hop Proxy |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1098 | Account Manipulation |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1098.001 | Additional Cloud Credentials |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1098.004 | SSH Authorized Keys |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1110 | Brute Force |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1110.001 | Password Guessing |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1110.003 | Password Spraying |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1110.004 | Credential Stuffing |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1189 | Drive-by Compromise |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1190 | Exploit Public-Facing Application |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1485 | Data Destruction |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1486 | Data Encrypted for Impact |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1491 | Defacement |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1491.001 | Internal Defacement |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1491.002 | External Defacement |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1496 | Resource Hijacking |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1498 | Network Denial of Service |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1498.001 | Direct Network Flood |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1498.002 | Reflection Amplification |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1526 | Cloud Service Discovery |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1530 | Data from Cloud Storage Object |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1531 | Account Access Removal |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1552 | Unsecured Credentials |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1552.001 | Credentials In Files |
amazon_guardduty | Amazon GuardDuty | detect | minimal | T1552.005 | Cloud Instance Metadata API |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1562 | Impair Defenses |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1562.001 | Disable or Modify Tools |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1562.006 | Indicator Blocking |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1562.008 | Disable Cloud Logs |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1565 | Data Manipulation |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1565.001 | Stored Data Manipulation |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1566 | Phishing |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1566.001 | Spearphishing Attachment |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1566.002 | Spearphishing Link |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1566.003 | Spearphishing via Service |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1567 | Exfiltration Over Web Service |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1567.001 | Exfiltration to Code Repository |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1567.002 | Exfiltration to Cloud Storage |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1567.003 | Exfiltration to Text Storage Sites |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1567.004 | Exfiltration Over Webhook |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1568 | Dynamic Resolution |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1568.002 | Domain Generation Algorithms |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1571 | Non-Standard Port |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1580 | Cloud Infrastructure Discovery |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1595 | Active Scanning |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1595.001 | Scanning IP Blocks |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1595.002 | Vulnerability Scanning |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1619 | Cloud Storage Object Discovery |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1622 | Debugger Evasion |
amazon_guardduty | Amazon GuardDuty | detect | partial | T1649 | Steal or Forge Authentication Certificates |
amazon_inspector | Amazon Inspector | protect | minimal | T1003 | OS Credential Dumping |
amazon_inspector | Amazon Inspector | protect | minimal | T1003.007 | Proc Filesystem |
amazon_inspector | Amazon Inspector | protect | minimal | T1003.008 | /etc/passwd and /etc/shadow |
amazon_inspector | Amazon Inspector | protect | minimal | T1021 | Remote Services |
amazon_inspector | Amazon Inspector | protect | minimal | T1021.004 | SSH |
amazon_inspector | Amazon Inspector | protect | minimal | T1037 | Boot or Logon Initialization Scripts |
amazon_inspector | Amazon Inspector | protect | partial | T1037.004 | RC Scripts |
amazon_inspector | Amazon Inspector | protect | partial | T1046 | Network Service Scanning |
amazon_inspector | Amazon Inspector | protect | minimal | T1053 | Scheduled Task/Job |
amazon_inspector | Amazon Inspector | protect | minimal | T1053.001 | At (Linux) |
amazon_inspector | Amazon Inspector | protect | minimal | T1053.003 | Cron |
amazon_inspector | Amazon Inspector | protect | minimal | T1053.006 | Systemd Timers |
amazon_inspector | Amazon Inspector | protect | partial | T1068 | Exploitation for Privilege Escalation |
amazon_inspector | Amazon Inspector | protect | minimal | T1070 | Indicator Removal on Host |
amazon_inspector | Amazon Inspector | protect | minimal | T1070.002 | Clear Linux or Mac System Logs |
amazon_inspector | Amazon Inspector | protect | minimal | T1070.003 | Clear Command History |
amazon_inspector | Amazon Inspector | protect | minimal | T1070.004 | File Deletion |
amazon_inspector | Amazon Inspector | protect | minimal | T1070.005 | Network Share Connection Removal |
amazon_inspector | Amazon Inspector | protect | minimal | T1070.006 | Timestomp |
amazon_inspector | Amazon Inspector | protect | minimal | T1070.007 | Clear Network Connection History and Configurations |
amazon_inspector | Amazon Inspector | protect | minimal | T1070.008 | Clear Mailbox Data |
amazon_inspector | Amazon Inspector | protect | minimal | T1070.009 | Clear Persistence |
amazon_inspector | Amazon Inspector | protect | minimal | T1110 | Brute Force |
amazon_inspector | Amazon Inspector | protect | minimal | T1110.001 | Password Guessing |
amazon_inspector | Amazon Inspector | protect | minimal | T1110.002 | Password Cracking |
amazon_inspector | Amazon Inspector | protect | minimal | T1110.003 | Password Spraying |
amazon_inspector | Amazon Inspector | protect | minimal | T1110.004 | Credential Stuffing |
amazon_inspector | Amazon Inspector | protect | minimal | T1133 | External Remote Services |
amazon_inspector | Amazon Inspector | protect | partial | T1189 | Drive-by Compromise |
amazon_inspector | Amazon Inspector | protect | partial | T1190 | Exploit Public-Facing Application |
amazon_inspector | Amazon Inspector | protect | partial | T1203 | Exploitation for Client Execution |
amazon_inspector | Amazon Inspector | protect | partial | T1210 | Exploitation of Remote Services |
amazon_inspector | Amazon Inspector | protect | partial | T1211 | Exploitation for Defense Evasion |
amazon_inspector | Amazon Inspector | protect | partial | T1212 | Exploitation for Credential Access |
amazon_inspector | Amazon Inspector | protect | minimal | T1222 | File and Directory Permissions Modification |
amazon_inspector | Amazon Inspector | protect | partial | T1222.002 | Linux and Mac File and Directory Permissions Modification |
amazon_inspector | Amazon Inspector | protect | minimal | T1489 | Service Stop |
amazon_inspector | Amazon Inspector | protect | minimal | T1529 | System Shutdown/Reboot |
amazon_inspector | Amazon Inspector | protect | minimal | T1543 | Create or Modify System Process |
amazon_inspector | Amazon Inspector | protect | partial | T1543.002 | Systemd Service |
amazon_inspector | Amazon Inspector | protect | minimal | T1548 | Abuse Elevation Control Mechanism |
amazon_inspector | Amazon Inspector | protect | minimal | T1548.003 | Sudo and Sudo Caching |
amazon_inspector | Amazon Inspector | protect | minimal | T1562 | Impair Defenses |
amazon_inspector | Amazon Inspector | protect | minimal | T1562.001 | Disable or Modify Tools |
amazon_inspector | Amazon Inspector | protect | minimal | T1562.003 | Impair Command History Logging |
amazon_inspector | Amazon Inspector | protect | minimal | T1562.004 | Disable or Modify System Firewall |
amazon_inspector | Amazon Inspector | protect | minimal | T1562.006 | Indicator Blocking |
amazon_inspector | Amazon Inspector | protect | partial | T1595 | Active Scanning |
amazon_inspector | Amazon Inspector | protect | partial | T1595.001 | Scanning IP Blocks |
amazon_inspector | Amazon Inspector | protect | partial | T1595.002 | Vulnerability Scanning |
amazon_inspector | Amazon Inspector | protect | minimal | T1599 | Network Boundary Bridging |
amazon_inspector | Amazon Inspector | protect | minimal | T1599.001 | Network Address Translation Traversal |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1008 | Fallback Channels |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1018 | Remote System Discovery |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1021 | Remote Services |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1021.001 | Remote Desktop Protocol |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1021.002 | SMB/Windows Admin Shares |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1021.003 | Distributed Component Object Model |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1021.004 | SSH |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1021.005 | VNC |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1021.006 | Windows Remote Management |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1021.007 | Cloud Services |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | significant | T1040 | Network Sniffing |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | significant | T1046 | Network Service Scanning |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1048 | Exfiltration Over Alternative Protocol |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1072 | Software Deployment Tools |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1090 | Proxy |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1090.001 | Internal Proxy |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1090.002 | External Proxy |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1090.003 | Multi-hop Proxy |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1095 | Non-Application Layer Protocol |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1133 | External Remote Services |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1199 | Trusted Relationship |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1205 | Traffic Signaling |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | significant | T1205.001 | Port Knocking |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1210 | Exploitation of Remote Services |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1219 | Remote Access Software |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1482 | Domain Trust Discovery |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | minimal | T1498 | Network Denial of Service |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | minimal | T1499 | Endpoint Denial of Service |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | minimal | T1499.001 | OS Exhaustion Flood |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | minimal | T1499.002 | Service Exhaustion Flood |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | minimal | T1499.003 | Application Exhaustion Flood |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | minimal | T1542 | Pre-OS Boot |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1542.005 | TFTP Boot |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | significant | T1557 | Man-in-the-Middle |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | significant | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | significant | T1557.002 | ARP Cache Poisoning |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | significant | T1557.003 | DHCP Spoofing |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1565 | Data Manipulation |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | significant | T1565.002 | Transmitted Data Manipulation |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1570 | Lateral Tool Transfer |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | significant | T1571 | Non-Standard Port |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1590 | Gather Victim Network Information |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1590.001 | Domain Properties |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1590.004 | Network Topology |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1590.005 | IP Addresses |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1590.006 | Network Security Appliances |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1595 | Active Scanning |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1595.001 | Scanning IP Blocks |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1595.002 | Vulnerability Scanning |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1602 | Data from Configuration Repository |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1602.001 | SNMP (MIB Dump) |
amazon_virtual_private_cloud | Amazon Virtual Private Cloud | protect | partial | T1602.002 | Network Device Configuration Dump |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1190 | Exploit Public-Facing Application |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1485 | Data Destruction |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1486 | Data Encrypted for Impact |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1490 | Inhibit System Recovery |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1491 | Defacement |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1491.001 | Internal Defacement |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1491.002 | External Defacement |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1561 | Disk Wipe |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1561.001 | Disk Content Wipe |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1561.002 | Disk Structure Wipe |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | minimal | T1565 | Data Manipulation |
aws_cloudendure_disaster_recovery | AWS CloudEndure Disaster Recovery | respond | significant | T1565.001 | Stored Data Manipulation |
aws_cloudhsm | AWS CloudHSM | protect | minimal | T1552 | Unsecured Credentials |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1552.001 | Credentials In Files |
aws_cloudhsm | AWS CloudHSM | protect | significant | T1552.004 | Private Keys |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1553 | Subvert Trust Controls |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1553.002 | Code Signing |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1553.004 | Install Root Certificate |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1588 | Obtain Capabilities |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1588.003 | Code Signing Certificates |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1588.004 | Digital Certificates |
aws_cloudhsm | AWS CloudHSM | protect | partial | T1649 | Steal or Forge Authentication Certificates |
aws_cloudwatch | AWS CloudWatch | protect | significant | T1040 | Network Sniffing |
aws_cloudwatch | AWS CloudWatch | detect | partial | T1496 | Resource Hijacking |
aws_cloudwatch | AWS CloudWatch | detect | partial | T1610 | Deploy Container |
aws_cloudwatch | AWS CloudWatch | detect | minimal | T1654 | Log Enumeration |
aws_config | AWS Config | protect | minimal | T1020 | Automated Exfiltration |
aws_config | AWS Config | protect | partial | T1020.001 | Traffic Duplication |
aws_config | AWS Config | protect | partial | T1040 | Network Sniffing |
aws_config | AWS Config | protect | minimal | T1053 | Scheduled Task/Job |
aws_config | AWS Config | protect | partial | T1053.007 | Container Orchestration Job |
aws_config | AWS Config | protect | partial | T1068 | Exploitation for Privilege Escalation |
aws_config | AWS Config | protect | minimal | T1078 | Valid Accounts |
aws_config | AWS Config | protect | significant | T1078.004 | Cloud Accounts |
aws_config | AWS Config | protect | minimal | T1098 | Account Manipulation |
aws_config | AWS Config | protect | partial | T1098.001 | Additional Cloud Credentials |
aws_config | AWS Config | protect | partial | T1098.005 | Device Registration |
aws_config | AWS Config | protect | significant | T1110 | Brute Force |
aws_config | AWS Config | protect | significant | T1110.001 | Password Guessing |
aws_config | AWS Config | protect | significant | T1110.002 | Password Cracking |
aws_config | AWS Config | protect | significant | T1110.003 | Password Spraying |
aws_config | AWS Config | protect | significant | T1110.004 | Credential Stuffing |
aws_config | AWS Config | protect | minimal | T1119 | Automated Collection |
aws_config | AWS Config | protect | minimal | T1136 | Create Account |
aws_config | AWS Config | protect | partial | T1136.003 | Cloud Account |
aws_config | AWS Config | protect | partial | T1190 | Exploit Public-Facing Application |
aws_config | AWS Config | protect | partial | T1203 | Exploitation for Client Execution |
aws_config | AWS Config | detect | minimal | T1204 | User Execution |
aws_config | AWS Config | detect | significant | T1204.003 | Malicious Image |
aws_config | AWS Config | protect | partial | T1210 | Exploitation of Remote Services |
aws_config | AWS Config | protect | partial | T1211 | Exploitation for Defense Evasion |
aws_config | AWS Config | protect | partial | T1212 | Exploitation for Credential Access |
aws_config | AWS Config | protect | partial | T1485 | Data Destruction |
aws_config | AWS Config | protect | partial | T1486 | Data Encrypted for Impact |
aws_config | AWS Config | protect | significant | T1491 | Defacement |
aws_config | AWS Config | protect | significant | T1491.001 | Internal Defacement |
aws_config | AWS Config | protect | significant | T1491.002 | External Defacement |
aws_config | AWS Config | detect | partial | T1496 | Resource Hijacking |
aws_config | AWS Config | protect | minimal | T1498 | Network Denial of Service |
aws_config | AWS Config | protect | minimal | T1498.001 | Direct Network Flood |
aws_config | AWS Config | protect | minimal | T1498.002 | Reflection Amplification |
aws_config | AWS Config | protect | minimal | T1499 | Endpoint Denial of Service |
aws_config | AWS Config | protect | minimal | T1499.001 | OS Exhaustion Flood |
aws_config | AWS Config | protect | minimal | T1499.002 | Service Exhaustion Flood |
aws_config | AWS Config | protect | minimal | T1499.003 | Application Exhaustion Flood |
aws_config | AWS Config | protect | minimal | T1499.004 | Application or System Exploitation |
aws_config | AWS Config | detect | minimal | T1525 | Implant Internal Image |
aws_config | AWS Config | protect | significant | T1530 | Data from Cloud Storage Object |
aws_config | AWS Config | protect | significant | T1538 | Cloud Service Dashboard |
aws_config | AWS Config | protect | partial | T1552 | Unsecured Credentials |
aws_config | AWS Config | protect | partial | T1552.001 | Credentials In Files |
aws_config | AWS Config | protect | partial | T1552.005 | Cloud Instance Metadata API |
aws_config | AWS Config | protect | partial | T1552.007 | Container API |
aws_config | AWS Config | protect | minimal | T1557 | Man-in-the-Middle |
aws_config | AWS Config | detect | minimal | T1562 | Impair Defenses |
aws_config | AWS Config | detect | partial | T1562.001 | Disable or Modify Tools |
aws_config | AWS Config | detect | significant | T1562.007 | Disable or Modify Cloud Firewall |
aws_config | AWS Config | detect | significant | T1562.008 | Disable Cloud Logs |
aws_config | AWS Config | detect | partial | T1578.005 | Modify Cloud Compute Configurations |
aws_config | AWS Config | protect | partial | T1609 | Container Administration Command |
aws_config | AWS Config | protect | partial | T1610 | Deploy Container |
aws_config | AWS Config | protect | partial | T1611 | Escape to Host |
aws_config | AWS Config | protect | partial | T1613 | Container and Resource Discovery |
aws_config | AWS Config | protect | significant | T1651 | Cloud Administration Command |
aws_identity_and_access_management | AWS Identity and Access Management | protect | partial | T1021.007 | Cloud Services |
aws_identity_and_access_management | AWS Identity and Access Management | protect | partial | T1078 | Valid Accounts |
aws_identity_and_access_management | AWS Identity and Access Management | detect | partial | T1078 | Valid Accounts |
aws_identity_and_access_management | AWS Identity and Access Management | protect | partial | T1078.004 | Cloud Accounts |
aws_identity_and_access_management | AWS Identity and Access Management | detect | minimal | T1078.004 | Cloud Accounts |
aws_identity_and_access_management | AWS Identity and Access Management | detect | minimal | T1098 | Account Manipulation |
aws_identity_and_access_management | AWS Identity and Access Management | detect | minimal | T1098.001 | Additional Cloud Credentials |
aws_identity_and_access_management | AWS Identity and Access Management | detect | minimal | T1098.005 | Device Registration |
aws_identity_and_access_management | AWS Identity and Access Management | protect | significant | T1110 | Brute Force |
aws_identity_and_access_management | AWS Identity and Access Management | protect | significant | T1110.001 | Password Guessing |
aws_identity_and_access_management | AWS Identity and Access Management | protect | significant | T1110.003 | Password Spraying |
aws_identity_and_access_management | AWS Identity and Access Management | protect | significant | T1110.004 | Credential Stuffing |
aws_identity_and_access_management | AWS Identity and Access Management | protect | minimal | T1528 | Steal Application Access Token |
aws_identity_and_access_management | AWS Identity and Access Management | protect | partial | T1548.005 | Temporary Elevated Cloud Access |
aws_identity_and_access_management | AWS Identity and Access Management | protect | minimal | T1550 | Use Alternate Authentication Material |
aws_identity_and_access_management | AWS Identity and Access Management | protect | minimal | T1550.001 | Application Access Token |
aws_identity_and_access_management | AWS Identity and Access Management | protect | significant | T1621 | Multi-Factor Authentication Request Generation |
aws_identity_and_access_management | AWS Identity and Access Management | protect | partial | T1648 | Serverless Execution |
aws_iot_device_defender | AWS IoT Device Defender | protect | minimal | T1020 | Automated Exfiltration |
aws_iot_device_defender | AWS IoT Device Defender | protect | partial | T1020.001 | Traffic Duplication |
aws_iot_device_defender | AWS IoT Device Defender | protect | partial | T1040 | Network Sniffing |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1041 | Exfiltration Over C2 Channel |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1046 | Network Service Scanning |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1048 | Exfiltration Over Alternative Protocol |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
aws_iot_device_defender | AWS IoT Device Defender | detect | minimal | T1071 | Application Layer Protocol |
aws_iot_device_defender | AWS IoT Device Defender | detect | minimal | T1078 | Valid Accounts |
aws_iot_device_defender | AWS IoT Device Defender | protect | minimal | T1078 | Valid Accounts |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1078.004 | Cloud Accounts |
aws_iot_device_defender | AWS IoT Device Defender | protect | partial | T1078.004 | Cloud Accounts |
aws_iot_device_defender | AWS IoT Device Defender | detect | minimal | T1095 | Non-Application Layer Protocol |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1496 | Resource Hijacking |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1530 | Data from Cloud Storage Object |
aws_iot_device_defender | AWS IoT Device Defender | detect | minimal | T1552 | Unsecured Credentials |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1552.004 | Private Keys |
aws_iot_device_defender | AWS IoT Device Defender | protect | minimal | T1557 | Man-in-the-Middle |
aws_iot_device_defender | AWS IoT Device Defender | detect | minimal | T1562 | Impair Defenses |
aws_iot_device_defender | AWS IoT Device Defender | respond | minimal | T1562 | Impair Defenses |
aws_iot_device_defender | AWS IoT Device Defender | detect | partial | T1562.008 | Disable Cloud Logs |
aws_iot_device_defender | AWS IoT Device Defender | respond | partial | T1562.008 | Disable Cloud Logs |
aws_key_management_service | AWS Key Management Service | protect | minimal | T1552 | Unsecured Credentials |
aws_key_management_service | AWS Key Management Service | protect | partial | T1552.001 | Credentials In Files |
aws_key_management_service | AWS Key Management Service | protect | significant | T1552.004 | Private Keys |
aws_key_management_service | AWS Key Management Service | protect | partial | T1588 | Obtain Capabilities |
aws_key_management_service | AWS Key Management Service | protect | partial | T1588.003 | Code Signing Certificates |
aws_key_management_service | AWS Key Management Service | protect | partial | T1588.004 | Digital Certificates |
aws_network_firewall | AWS Network Firewall | protect | partial | T1008 | Fallback Channels |
aws_network_firewall | AWS Network Firewall | protect | partial | T1018 | Remote System Discovery |
aws_network_firewall | AWS Network Firewall | protect | partial | T1021 | Remote Services |
aws_network_firewall | AWS Network Firewall | protect | partial | T1021.001 | Remote Desktop Protocol |
aws_network_firewall | AWS Network Firewall | protect | partial | T1021.002 | SMB/Windows Admin Shares |
aws_network_firewall | AWS Network Firewall | protect | partial | T1021.004 | SSH |
aws_network_firewall | AWS Network Firewall | protect | partial | T1021.005 | VNC |
aws_network_firewall | AWS Network Firewall | protect | partial | T1021.006 | Windows Remote Management |
aws_network_firewall | AWS Network Firewall | protect | partial | T1041 | Exfiltration Over C2 Channel |
aws_network_firewall | AWS Network Firewall | protect | partial | T1046 | Network Service Scanning |
aws_network_firewall | AWS Network Firewall | protect | partial | T1048 | Exfiltration Over Alternative Protocol |
aws_network_firewall | AWS Network Firewall | protect | partial | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
aws_network_firewall | AWS Network Firewall | protect | partial | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
aws_network_firewall | AWS Network Firewall | protect | partial | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
aws_network_firewall | AWS Network Firewall | protect | significant | T1071 | Application Layer Protocol |
aws_network_firewall | AWS Network Firewall | protect | significant | T1071.001 | Web Protocols |
aws_network_firewall | AWS Network Firewall | protect | significant | T1071.002 | File Transfer Protocols |
aws_network_firewall | AWS Network Firewall | protect | significant | T1071.003 | Mail Protocols |
aws_network_firewall | AWS Network Firewall | protect | significant | T1071.004 | DNS |
aws_network_firewall | AWS Network Firewall | protect | partial | T1090 | Proxy |
aws_network_firewall | AWS Network Firewall | protect | partial | T1090.002 | External Proxy |
aws_network_firewall | AWS Network Firewall | protect | partial | T1090.003 | Multi-hop Proxy |
aws_network_firewall | AWS Network Firewall | protect | significant | T1095 | Non-Application Layer Protocol |
aws_network_firewall | AWS Network Firewall | protect | partial | T1104 | Multi-Stage Channels |
aws_network_firewall | AWS Network Firewall | protect | partial | T1133 | External Remote Services |
aws_network_firewall |
AWS Network Firewall |
protect |
significant |
T1187 |
Forced Authentication |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1205 |
Traffic Signaling |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1205.001 |
Port Knocking |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1205.002 |
Socket Filters |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1219 |
Remote Access Software |
aws_network_firewall |
AWS Network Firewall |
protect |
minimal |
T1498 |
Network Denial of Service |
aws_network_firewall |
AWS Network Firewall |
protect |
minimal |
T1498.001 |
Direct Network Flood |
aws_network_firewall |
AWS Network Firewall |
protect |
minimal |
T1498.002 |
Reflection Amplification |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1499 |
Endpoint Denial of Service |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1499.001 |
OS Exhaustion Flood |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1499.002 |
Service Exhaustion Flood |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1499.003 |
Application Exhaustion Flood |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1530 |
Data from Cloud Storage Object |
aws_network_firewall |
AWS Network Firewall |
protect |
minimal |
T1542 |
Pre-OS Boot |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1542.005 |
TFTP Boot |
aws_network_firewall |
AWS Network Firewall |
protect |
significant |
T1571 |
Non-Standard Port |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1572 |
Protocol Tunneling |
aws_network_firewall |
AWS Network Firewall |
detect |
partial |
T1589 |
Gather Victim Identity Information |
aws_network_firewall |
AWS Network Firewall |
detect |
minimal |
T1589.001 |
Credentials |
aws_network_firewall |
AWS Network Firewall |
detect |
partial |
T1589.002 |
Email Addresses |
aws_network_firewall |
AWS Network Firewall |
detect |
minimal |
T1589.003 |
Employee Names |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1590 |
Gather Victim Network Information |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1590.001 |
Domain Properties |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1590.004 |
Network Topology |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1590.005 |
IP Addresses |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1590.006 |
Network Security Appliances |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1595 |
Active Scanning |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1595.001 |
Scanning IP Blocks |
aws_network_firewall |
AWS Network Firewall |
protect |
partial |
T1595.002 |
Vulnerability Scanning |
aws_organizations |
AWS Organizations |
protect |
partial |
T1078 |
Valid Accounts |
aws_organizations |
AWS Organizations |
protect |
significant |
T1078.004 |
Cloud Accounts |
aws_organizations |
AWS Organizations |
protect |
minimal |
T1087 |
Account Discovery |
aws_organizations |
AWS Organizations |
protect |
partial |
T1087.004 |
Cloud Account |
aws_organizations |
AWS Organizations |
protect |
partial |
T1538 |
Cloud Service Dashboard |
aws_organizations |
AWS Organizations |
protect |
partial |
T1580 |
Cloud Infrastructure Discovery |
aws_organizations |
AWS Organizations |
protect |
partial |
T1651 |
Cloud Administration Command |
aws_rds |
AWS RDS |
protect |
significant |
T1040 |
Network Sniffing |
aws_rds |
AWS RDS |
protect |
partial |
T1190 |
Exploit Public-Facing Application |
aws_rds |
AWS RDS |
respond |
significant |
T1190 |
Exploit Public-Facing Application |
aws_rds |
AWS RDS |
protect |
partial |
T1210 |
Exploitation of Remote Services |
aws_rds |
AWS RDS |
respond |
significant |
T1210 |
Exploitation of Remote Services |
aws_rds |
AWS RDS |
protect |
significant |
T1485 |
Data Destruction |
aws_rds |
AWS RDS |
detect |
partial |
T1485 |
Data Destruction |
aws_rds |
AWS RDS |
respond |
significant |
T1485 |
Data Destruction |
aws_rds |
AWS RDS |
respond |
significant |
T1486 |
Data Encrypted for Impact |
aws_rds |
AWS RDS |
detect |
partial |
T1489 |
Service Stop |
aws_rds |
AWS RDS |
detect |
partial |
T1490 |
Inhibit System Recovery |
aws_rds |
AWS RDS |
respond |
significant |
T1490 |
Inhibit System Recovery |
aws_rds |
AWS RDS |
detect |
partial |
T1529 |
System Shutdown/Reboot |
aws_rds |
AWS RDS |
protect |
significant |
T1530 |
Data from Cloud Storage Object |
aws_rds |
AWS RDS |
protect |
partial |
T1557 |
Man-in-the-Middle |
aws_rds |
AWS RDS |
respond |
minimal |
T1561 |
Disk Wipe |
aws_rds |
AWS RDS |
respond |
minimal |
T1561.001 |
Disk Content Wipe |
aws_rds |
AWS RDS |
respond |
minimal |
T1561.002 |
Disk Structure Wipe |
aws_rds |
AWS RDS |
protect |
partial |
T1565 |
Data Manipulation |
aws_rds |
AWS RDS |
respond |
significant |
T1565 |
Data Manipulation |
aws_rds |
AWS RDS |
protect |
significant |
T1565.001 |
Stored Data Manipulation |
aws_rds |
AWS RDS |
respond |
significant |
T1565.001 |
Stored Data Manipulation |
aws_rds |
AWS RDS |
protect |
significant |
T1565.002 |
Transmitted Data Manipulation |
aws_rds |
AWS RDS |
respond |
significant |
T1565.002 |
Transmitted Data Manipulation |
aws_s3 |
AWS S3 |
protect |
significant |
T1485 |
Data Destruction |
aws_s3 |
AWS S3 |
protect |
significant |
T1530 |
Data from Cloud Storage Object |
aws_secrets_manager |
AWS Secrets Manager |
protect |
partial |
T1212 |
Exploitation for Credential Access |
aws_secrets_manager |
AWS Secrets Manager |
protect |
partial |
T1528 |
Steal Application Access Token |
aws_secrets_manager |
AWS Secrets Manager |
protect |
partial |
T1552 |
Unsecured Credentials |
aws_secrets_manager |
AWS Secrets Manager |
protect |
partial |
T1552.001 |
Credentials In Files |
aws_secrets_manager |
AWS Secrets Manager |
protect |
partial |
T1552.002 |
Credentials in Registry |
aws_secrets_manager |
AWS Secrets Manager |
protect |
partial |
T1552.004 |
Private Keys |
aws_secrets_manager |
AWS Secrets Manager |
protect |
partial |
T1555 |
Credentials from Password Stores |
aws_secrets_manager |
AWS Secrets Manager |
protect |
partial |
T1555.006 |
Cloud Secrets Management Stores |
aws_security_hub |
AWS Security Hub |
detect |
partial |
T1068 |
Exploitation for Privilege Escalation |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1078 |
Valid Accounts |
aws_security_hub |
AWS Security Hub |
detect |
significant |
T1078.004 |
Cloud Accounts |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1098 |
Account Manipulation |
aws_security_hub |
AWS Security Hub |
detect |
significant |
T1098.001 |
Additional Cloud Credentials |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1110 |
Brute Force |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1110.001 |
Password Guessing |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1110.003 |
Password Spraying |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1110.004 |
Credential Stuffing |
aws_security_hub |
AWS Security Hub |
detect |
partial |
T1190 |
Exploit Public-Facing Application |
aws_security_hub |
AWS Security Hub |
detect |
partial |
T1203 |
Exploitation for Client Execution |
aws_security_hub |
AWS Security Hub |
detect |
partial |
T1210 |
Exploitation of Remote Services |
aws_security_hub |
AWS Security Hub |
detect |
partial |
T1211 |
Exploitation for Defense Evasion |
aws_security_hub |
AWS Security Hub |
detect |
partial |
T1212 |
Exploitation for Credential Access |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1485 |
Data Destruction |
aws_security_hub |
AWS Security Hub |
detect |
partial |
T1530 |
Data from Cloud Storage Object |
aws_security_hub |
AWS Security Hub |
detect |
partial |
T1531 |
Account Access Removal |
aws_security_hub |
AWS Security Hub |
protect |
significant |
T1543.005 |
Container Service |
aws_security_hub |
AWS Security Hub |
detect |
partial |
T1562 |
Impair Defenses |
aws_security_hub |
AWS Security Hub |
detect |
significant |
T1562.001 |
Disable or Modify Tools |
aws_security_hub |
AWS Security Hub |
detect |
significant |
T1562.007 |
Disable or Modify Cloud Firewall |
aws_security_hub |
AWS Security Hub |
detect |
significant |
T1562.008 |
Disable Cloud Logs |
aws_security_hub |
AWS Security Hub |
detect |
partial |
T1580 |
Cloud Infrastructure Discovery |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1589 |
Gather Victim Identity Information |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1589.001 |
Credentials |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1589.002 |
Email Addresses |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1589.003 |
Employee Names |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1590 |
Gather Victim Network Information |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1590.001 |
Domain Properties |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1590.002 |
DNS |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1590.003 |
Network Trust Dependencies |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1590.004 |
Network Topology |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1590.005 |
IP Addresses |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1590.006 |
Network Security Appliances |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1591 |
Gather Victim Org Information |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1591.001 |
Determine Physical Locations |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1591.002 |
Business Relationships |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1591.003 |
Identify Business Tempo |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1591.004 |
Identify Roles |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1592 |
Gather Victim Host Information |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1592.001 |
Hardware |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1592.002 |
Software |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1592.003 |
Firmware |
aws_security_hub |
AWS Security Hub |
detect |
minimal |
T1592.004 |
Client Configurations |
aws_security_hub |
AWS Security Hub |
protect |
partial |
T1651 |
Cloud Administration Command |
aws_shield |
AWS Shield |
respond |
significant |
T1498 |
Network Denial of Service |
aws_shield |
AWS Shield |
respond |
significant |
T1498.001 |
Direct Network Flood |
aws_shield |
AWS Shield |
respond |
significant |
T1498.002 |
Reflection Amplification |
aws_shield |
AWS Shield |
respond |
significant |
T1499 |
Endpoint Denial of Service |
aws_shield |
AWS Shield |
respond |
significant |
T1499.001 |
OS Exhaustion Flood |
aws_shield |
AWS Shield |
respond |
significant |
T1499.002 |
Service Exhaustion Flood |
aws_shield |
AWS Shield |
respond |
significant |
T1499.003 |
Application Exhaustion Flood |
aws_single_sign-on |
AWS Single Sign-On |
protect |
partial |
T1078 |
Valid Accounts |
aws_single_sign-on |
AWS Single Sign-On |
protect |
partial |
T1078.002 |
Domain Accounts |
aws_single_sign-on |
AWS Single Sign-On |
protect |
partial |
T1078.004 |
Cloud Accounts |
aws_single_sign-on |
AWS Single Sign-On |
protect |
partial |
T1110 |
Brute Force |
aws_single_sign-on |
AWS Single Sign-On |
protect |
significant |
T1110.001 |
Password Guessing |
aws_single_sign-on |
AWS Single Sign-On |
protect |
significant |
T1110.003 |
Password Spraying |
aws_single_sign-on |
AWS Single Sign-On |
protect |
significant |
T1110.004 |
Credential Stuffing |
aws_single_sign-on |
AWS Single Sign-On |
protect |
significant |
T1133 |
External Remote Services |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
partial |
T1046 |
Network Service Scanning |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
partial |
T1059 |
Command and Scripting Interpreter |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
significant |
T1059.001 |
PowerShell |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
significant |
T1059.004 |
Unix Shell |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
significant |
T1059.007 |
JavaScript |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
minimal |
T1071 |
Application Layer Protocol |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
minimal |
T1071.001 |
Web Protocols |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
partial |
T1090 |
Proxy |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
partial |
T1090.002 |
External Proxy |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
partial |
T1090.003 |
Multi-hop Proxy |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
significant |
T1189 |
Drive-by Compromise |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
significant |
T1190 |
Exploit Public-Facing Application |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
significant |
T1203 |
Exploitation for Client Execution |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
partial |
T1595 |
Active Scanning |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
partial |
T1595.001 |
Scanning IP Blocks |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
partial |
T1595.002 |
Vulnerability Scanning |
aws_web_application_firewall |
AWS Web Application Firewall |
protect |
partial |
T1595.003 |
Wordlist Scanning |