AWS aws_config Mappings

AWS Config rules evaluate the configuration settings of AWS resources in order to detect resources that are out of compliance with internal policies and best practices.

Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name
aws_config AWS Config protect minimal T1020 Automated Exfiltration
aws_config AWS Config protect partial T1020.001 Traffic Duplication
aws_config AWS Config protect partial T1040 Network Sniffing
aws_config AWS Config protect minimal T1053 Scheduled Task/Job
aws_config AWS Config protect partial T1053.007 Container Orchestration Job
aws_config AWS Config protect partial T1068 Exploitation for Privilege Escalation
aws_config AWS Config protect minimal T1078 Valid Accounts
aws_config AWS Config protect significant T1078.004 Cloud Accounts
aws_config AWS Config protect minimal T1098 Account Manipulation
aws_config AWS Config protect partial T1098.001 Additional Cloud Credentials
aws_config AWS Config protect partial T1098.005 Device Registration
aws_config AWS Config protect significant T1110 Brute Force
aws_config AWS Config protect significant T1110.001 Password Guessing
aws_config AWS Config protect significant T1110.002 Password Cracking
aws_config AWS Config protect significant T1110.003 Password Spraying
aws_config AWS Config protect significant T1110.004 Credential Stuffing
aws_config AWS Config protect minimal T1119 Automated Collection
aws_config AWS Config protect minimal T1136 Create Account
aws_config AWS Config protect partial T1136.003 Cloud Account
aws_config AWS Config protect partial T1190 Exploit Public-Facing Application
aws_config AWS Config protect partial T1203 Exploitation for Client Execution
aws_config AWS Config detect minimal T1204 User Execution
aws_config AWS Config detect significant T1204.003 Malicious Image
aws_config AWS Config protect partial T1210 Exploitation of Remote Services
aws_config AWS Config protect partial T1211 Exploitation for Defense Evasion
aws_config AWS Config protect partial T1212 Exploitation for Credential Access
aws_config AWS Config protect partial T1485 Data Destruction
aws_config AWS Config protect partial T1486 Data Encrypted for Impact
aws_config AWS Config protect significant T1491 Defacement
aws_config AWS Config protect significant T1491.001 Internal Defacement
aws_config AWS Config protect significant T1491.002 External Defacement
aws_config AWS Config detect partial T1496 Resource Hijacking
aws_config AWS Config protect minimal T1498 Network Denial of Service
aws_config AWS Config protect minimal T1498.001 Direct Network Flood
aws_config AWS Config protect minimal T1498.002 Reflection Amplification
aws_config AWS Config protect minimal T1499 Endpoint Denial of Service
aws_config AWS Config protect minimal T1499.001 OS Exhaustion Flood
aws_config AWS Config protect minimal T1499.002 Service Exhaustion Flood
aws_config AWS Config protect minimal T1499.003 Application Exhaustion Flood
aws_config AWS Config protect minimal T1499.004 Application or System Exploitation
aws_config AWS Config detect minimal T1525 Implant Internal Image
aws_config AWS Config protect significant T1530 Data from Cloud Storage Object
aws_config AWS Config protect significant T1538 Cloud Service Dashboard
aws_config AWS Config protect partial T1552 Unsecured Credentials
aws_config AWS Config protect partial T1552.001 Credentials In Files
aws_config AWS Config protect partial T1552.005 Cloud Instance Metadata API
aws_config AWS Config protect partial T1552.007 Container API
aws_config AWS Config protect minimal T1557 Man-in-the-Middle
aws_config AWS Config detect minimal T1562 Impair Defenses
aws_config AWS Config detect partial T1562.001 Disable or Modify Tools
aws_config AWS Config detect significant T1562.007 Disable or Modify Cloud Firewall
aws_config AWS Config detect significant T1562.008 Disable Cloud Logs
aws_config AWS Config detect partial T1578.005 Modify Cloud Compute Configurations
aws_config AWS Config protect partial T1609 Container Administration Command
aws_config AWS Config protect partial T1610 Deploy Container
aws_config AWS Config protect partial T1611 Escape to Host
aws_config AWS Config protect partial T1613 Container and Resource Discovery
aws_config AWS Config protect significant T1651 Cloud Administration Command