AWS amazon_inspector Mappings

Amazon Inspector is an automated assessment service that evaluates the security and compliance of applications in AWS. It supports assessment packages for CVEs, CIS Benchmarks (various Windows and Linux platforms), Best Practices (Linux only), and Network Reachability. The result of running an assessment is a list of findings that can be used to inform decision-making processes that improve the security of applications.

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- | --- |
| amazon_inspector | Amazon Inspector | protect | minimal | T1003 | OS Credential Dumping |
| amazon_inspector | Amazon Inspector | protect | minimal | T1003.007 | Proc Filesystem |
| amazon_inspector | Amazon Inspector | protect | minimal | T1003.008 | /etc/passwd and /etc/shadow |
| amazon_inspector | Amazon Inspector | protect | minimal | T1021 | Remote Services |
| amazon_inspector | Amazon Inspector | protect | minimal | T1021.004 | SSH |
| amazon_inspector | Amazon Inspector | protect | minimal | T1037 | Boot or Logon Initialization Scripts |
| amazon_inspector | Amazon Inspector | protect | partial | T1037.004 | RC Scripts |
| amazon_inspector | Amazon Inspector | protect | partial | T1046 | Network Service Scanning |
| amazon_inspector | Amazon Inspector | protect | minimal | T1053 | Scheduled Task/Job |
| amazon_inspector | Amazon Inspector | protect | minimal | T1053.001 | At (Linux) |
| amazon_inspector | Amazon Inspector | protect | minimal | T1053.003 | Cron |
| amazon_inspector | Amazon Inspector | protect | minimal | T1053.006 | Systemd Timers |
| amazon_inspector | Amazon Inspector | protect | partial | T1068 | Exploitation for Privilege Escalation |
| amazon_inspector | Amazon Inspector | protect | minimal | T1070 | Indicator Removal on Host |
| amazon_inspector | Amazon Inspector | protect | minimal | T1070.002 | Clear Linux or Mac System Logs |
| amazon_inspector | Amazon Inspector | protect | minimal | T1070.003 | Clear Command History |
| amazon_inspector | Amazon Inspector | protect | minimal | T1070.004 | File Deletion |
| amazon_inspector | Amazon Inspector | protect | minimal | T1070.005 | Network Share Connection Removal |
| amazon_inspector | Amazon Inspector | protect | minimal | T1070.006 | Timestomp |
| amazon_inspector | Amazon Inspector | protect | minimal | T1070.007 | Clear Network Connection History and Configurations |
| amazon_inspector | Amazon Inspector | protect | minimal | T1070.008 | Clear Mailbox Data |
| amazon_inspector | Amazon Inspector | protect | minimal | T1070.009 | Clear Persistence |
| amazon_inspector | Amazon Inspector | protect | minimal | T1110 | Brute Force |
| amazon_inspector | Amazon Inspector | protect | minimal | T1110.001 | Password Guessing |
| amazon_inspector | Amazon Inspector | protect | minimal | T1110.002 | Password Cracking |
| amazon_inspector | Amazon Inspector | protect | minimal | T1110.003 | Password Spraying |
| amazon_inspector | Amazon Inspector | protect | minimal | T1110.004 | Credential Stuffing |
| amazon_inspector | Amazon Inspector | protect | minimal | T1133 | External Remote Services |
| amazon_inspector | Amazon Inspector | protect | partial | T1189 | Drive-by Compromise |
| amazon_inspector | Amazon Inspector | protect | partial | T1190 | Exploit Public-Facing Application |
| amazon_inspector | Amazon Inspector | protect | partial | T1203 | Exploitation for Client Execution |
| amazon_inspector | Amazon Inspector | protect | partial | T1210 | Exploitation of Remote Services |
| amazon_inspector | Amazon Inspector | protect | partial | T1211 | Exploitation for Defense Evasion |
| amazon_inspector | Amazon Inspector | protect | partial | T1212 | Exploitation for Credential Access |
| amazon_inspector | Amazon Inspector | protect | minimal | T1222 | File and Directory Permissions Modification |
| amazon_inspector | Amazon Inspector | protect | partial | T1222.002 | Linux and Mac File and Directory Permissions Modification |
| amazon_inspector | Amazon Inspector | protect | minimal | T1489 | Service Stop |
| amazon_inspector | Amazon Inspector | protect | minimal | T1529 | System Shutdown/Reboot |
| amazon_inspector | Amazon Inspector | protect | minimal | T1543 | Create or Modify System Process |
| amazon_inspector | Amazon Inspector | protect | partial | T1543.002 | Systemd Service |
| amazon_inspector | Amazon Inspector | protect | minimal | T1548 | Abuse Elevation Control Mechanism |
| amazon_inspector | Amazon Inspector | protect | minimal | T1548.003 | Sudo and Sudo Caching |
| amazon_inspector | Amazon Inspector | protect | minimal | T1562 | Impair Defenses |
| amazon_inspector | Amazon Inspector | protect | minimal | T1562.001 | Disable or Modify Tools |
| amazon_inspector | Amazon Inspector | protect | minimal | T1562.003 | Impair Command History Logging |
| amazon_inspector | Amazon Inspector | protect | minimal | T1562.004 | Disable or Modify System Firewall |
| amazon_inspector | Amazon Inspector | protect | minimal | T1562.006 | Indicator Blocking |
| amazon_inspector | Amazon Inspector | protect | partial | T1595 | Active Scanning |
| amazon_inspector | Amazon Inspector | protect | partial | T1595.001 | Scanning IP Blocks |
| amazon_inspector | Amazon Inspector | protect | partial | T1595.002 | Vulnerability Scanning |
| amazon_inspector | Amazon Inspector | protect | minimal | T1599 | Network Boundary Bridging |
| amazon_inspector | Amazon Inspector | protect | minimal | T1599.001 | Network Address Translation Traversal |