AWS Amazon GuardDuty Capability Group

All Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|---|
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1020 | Automated Exfiltration |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1021.008 | Direct Cloud VM Connections |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1029 | Scheduled Transfer |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1041 | Exfiltration Over C2 Channel |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1046 | Network Service Scanning |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1048 | Exfiltration Over Alternative Protocol |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1048.003 | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1059.009 | Cloud API |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1071 | Application Layer Protocol |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1071.001 | Web Protocols |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1071.002 | File Transfer Protocols |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1071.003 | Mail Protocols |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1071.004 | DNS |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1078 | Valid Accounts |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1078.001 | Default Accounts |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1078.004 | Cloud Accounts |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1090 | Proxy |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1090.001 | Internal Proxy |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1090.002 | External Proxy |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1090.003 | Multi-hop Proxy |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1098 | Account Manipulation |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1098.001 | Additional Cloud Credentials |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1098.004 | SSH Authorized Keys |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1110 | Brute Force |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1110.001 | Password Guessing |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1110.003 | Password Spraying |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1110.004 | Credential Stuffing |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1189 | Drive-by Compromise |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1190 | Exploit Public-Facing Application |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1485 | Data Destruction |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1486 | Data Encrypted for Impact |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1491 | Defacement |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1491.001 | Internal Defacement |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1491.002 | External Defacement |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1496 | Resource Hijacking |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1498 | Network Denial of Service |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1498.001 | Direct Network Flood |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1498.002 | Reflection Amplification |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1526 | Cloud Service Discovery |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1530 | Data from Cloud Storage Object |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1531 | Account Access Removal |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1552 | Unsecured Credentials |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1552.001 | Credentials In Files |
| amazon_guardduty | Amazon GuardDuty | detect | minimal | T1552.005 | Cloud Instance Metadata API |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1562 | Impair Defenses |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1562.001 | Disable or Modify Tools |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1562.006 | Indicator Blocking |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1562.008 | Disable Cloud Logs |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1565 | Data Manipulation |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1565.001 | Stored Data Manipulation |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1566 | Phishing |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1566.001 | Spearphishing Attachment |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1566.002 | Spearphishing Link |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1566.003 | Spearphishing via Service |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1567 | Exfiltration Over Web Service |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1567.001 | Exfiltration to Code Repository |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1567.002 | Exfiltration to Cloud Storage |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1567.003 | Exfiltration to Text Storage Sites |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1567.004 | Exfiltration Over Webhook |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1568 | Dynamic Resolution |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1568.002 | Domain Generation Algorithms |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1571 | Non-Standard Port |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1580 | Cloud Infrastructure Discovery |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1595 | Active Scanning |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1595.001 | Scanning IP Blocks |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1595.002 | Vulnerability Scanning |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1619 | Cloud Storage Object Discovery |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1622 | Debugger Evasion |
| amazon_guardduty | Amazon GuardDuty | detect | partial | T1649 | Steal or Forge Authentication Certificates |

Capabilities

| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| amazon_guardduty | Amazon GuardDuty | 69 |