AWS aws_network_firewall Mappings

The AWS Network Firewall provides a stateful network firewall and intrusion detection and prevention system (via Suricata) at the perimeter of virtual private clouds (VPCs). It is able to filter traffic going to and coming from an internet gateway, NAT gateway, VPN, or AWS Direct Connect.

Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name
aws_network_firewall AWS Network Firewall protect partial T1008 Fallback Channels
aws_network_firewall AWS Network Firewall protect partial T1018 Remote System Discovery
aws_network_firewall AWS Network Firewall protect partial T1021 Remote Services
aws_network_firewall AWS Network Firewall protect partial T1021.001 Remote Desktop Protocol
aws_network_firewall AWS Network Firewall protect partial T1021.002 SMB/Windows Admin Shares
aws_network_firewall AWS Network Firewall protect partial T1021.004 SSH
aws_network_firewall AWS Network Firewall protect partial T1021.005 VNC
aws_network_firewall AWS Network Firewall protect partial T1021.006 Windows Remote Management
aws_network_firewall AWS Network Firewall protect partial T1041 Exfiltration Over C2 Channel
aws_network_firewall AWS Network Firewall protect partial T1046 Network Service Scanning
aws_network_firewall AWS Network Firewall protect partial T1048 Exfiltration Over Alternative Protocol
aws_network_firewall AWS Network Firewall protect partial T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
aws_network_firewall AWS Network Firewall protect partial T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
aws_network_firewall AWS Network Firewall protect partial T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
aws_network_firewall AWS Network Firewall protect significant T1071 Application Layer Protocol
aws_network_firewall AWS Network Firewall protect significant T1071.001 Web Protocols
aws_network_firewall AWS Network Firewall protect significant T1071.002 File Transfer Protocols
aws_network_firewall AWS Network Firewall protect significant T1071.003 Mail Protocols
aws_network_firewall AWS Network Firewall protect significant T1071.004 DNS
aws_network_firewall AWS Network Firewall protect partial T1090 Proxy
aws_network_firewall AWS Network Firewall protect partial T1090.002 External Proxy
aws_network_firewall AWS Network Firewall protect partial T1090.003 Multi-hop Proxy
aws_network_firewall AWS Network Firewall protect significant T1095 Non-Application Layer Protocol
aws_network_firewall AWS Network Firewall protect partial T1104 Multi-Stage Channels
aws_network_firewall AWS Network Firewall protect partial T1133 External Remote Services
aws_network_firewall AWS Network Firewall protect significant T1187 Forced Authentication
aws_network_firewall AWS Network Firewall protect partial T1205 Traffic Signaling
aws_network_firewall AWS Network Firewall protect partial T1205.001 Port Knocking
aws_network_firewall AWS Network Firewall protect partial T1205.002 Socket Filters
aws_network_firewall AWS Network Firewall protect partial T1219 Remote Access Software
aws_network_firewall AWS Network Firewall protect minimal T1498 Network Denial of Service
aws_network_firewall AWS Network Firewall protect minimal T1498.001 Direct Network Flood
aws_network_firewall AWS Network Firewall protect minimal T1498.002 Reflection Amplification
aws_network_firewall AWS Network Firewall protect partial T1499 Endpoint Denial of Service
aws_network_firewall AWS Network Firewall protect partial T1499.001 OS Exhaustion Flood
aws_network_firewall AWS Network Firewall protect partial T1499.002 Service Exhaustion Flood
aws_network_firewall AWS Network Firewall protect partial T1499.003 Application Exhaustion Flood
aws_network_firewall AWS Network Firewall protect partial T1530 Data from Cloud Storage Object
aws_network_firewall AWS Network Firewall protect minimal T1542 Pre-OS Boot
aws_network_firewall AWS Network Firewall protect partial T1542.005 TFTP Boot
aws_network_firewall AWS Network Firewall protect significant T1571 Non-Standard Port
aws_network_firewall AWS Network Firewall protect partial T1572 Protocol Tunneling
aws_network_firewall AWS Network Firewall detect partial T1589 Gather Victim Identity Information
aws_network_firewall AWS Network Firewall detect minimal T1589.001 Credentials
aws_network_firewall AWS Network Firewall detect partial T1589.002 Email Addresses
aws_network_firewall AWS Network Firewall detect minimal T1589.003 Employee Names
aws_network_firewall AWS Network Firewall protect partial T1590 Gather Victim Network Information
aws_network_firewall AWS Network Firewall protect partial T1590.001 Domain Properties
aws_network_firewall AWS Network Firewall protect partial T1590.004 Network Topology
aws_network_firewall AWS Network Firewall protect partial T1590.005 IP Addresses
aws_network_firewall AWS Network Firewall protect partial T1590.006 Network Security Appliances
aws_network_firewall AWS Network Firewall protect partial T1595 Active Scanning
aws_network_firewall AWS Network Firewall protect partial T1595.001 Scanning IP Blocks
aws_network_firewall AWS Network Firewall protect partial T1595.002 Vulnerability Scanning