ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
CVE
Google Cloud Platform (GCP)
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and AWS 12.12.2024.
Change versions here.
Home
Mapping Frameworks
AWS Home
Amazon GuardDuty Capability Group
AWS
Amazon GuardDuty
Capability Group
All Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
AWS
12.12.2024
Change Versions
Capability ID
Capability Description
Category
Value
ATT&CK ID
ATT&CK Name
amazon_guardduty
Amazon GuardDuty
detect
partial
T1020
Automated Exfiltration
amazon_guardduty
Amazon GuardDuty
detect
partial
T1021.008
Direct Cloud VM Connections
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1029
Scheduled Transfer
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1041
Exfiltration Over C2 Channel
amazon_guardduty
Amazon GuardDuty
detect
partial
T1046
Network Service Scanning
amazon_guardduty
Amazon GuardDuty
detect
partial
T1048
Exfiltration Over Alternative Protocol
amazon_guardduty
Amazon GuardDuty
detect
partial
T1048.003
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
amazon_guardduty
Amazon GuardDuty
detect
partial
T1059.009
Cloud API
amazon_guardduty
Amazon GuardDuty
detect
partial
T1071
Application Layer Protocol
amazon_guardduty
Amazon GuardDuty
detect
partial
T1071.001
Web Protocols
amazon_guardduty
Amazon GuardDuty
detect
partial
T1071.002
File Transfer Protocols
amazon_guardduty
Amazon GuardDuty
detect
partial
T1071.003
Mail Protocols
amazon_guardduty
Amazon GuardDuty
detect
partial
T1071.004
DNS
amazon_guardduty
Amazon GuardDuty
detect
partial
T1078
Valid Accounts
amazon_guardduty
Amazon GuardDuty
detect
partial
T1078.001
Default Accounts
amazon_guardduty
Amazon GuardDuty
detect
partial
T1078.004
Cloud Accounts
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1090
Proxy
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1090.001
Internal Proxy
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1090.002
External Proxy
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1090.003
Multi-hop Proxy
amazon_guardduty
Amazon GuardDuty
detect
partial
T1098
Account Manipulation
amazon_guardduty
Amazon GuardDuty
detect
partial
T1098.001
Additional Cloud Credentials
amazon_guardduty
Amazon GuardDuty
detect
partial
T1098.004
SSH Authorized Keys
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1110
Brute Force
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1110.001
Password Guessing
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1110.003
Password Spraying
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1110.004
Credential Stuffing
amazon_guardduty
Amazon GuardDuty
detect
partial
T1189
Drive-by Compromise
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1190
Exploit Public-Facing Application
amazon_guardduty
Amazon GuardDuty
detect
partial
T1485
Data Destruction
amazon_guardduty
Amazon GuardDuty
detect
partial
T1486
Data Encrypted for Impact
amazon_guardduty
Amazon GuardDuty
detect
partial
T1491
Defacement
amazon_guardduty
Amazon GuardDuty
detect
partial
T1491.001
Internal Defacement
amazon_guardduty
Amazon GuardDuty
detect
partial
T1491.002
External Defacement
amazon_guardduty
Amazon GuardDuty
detect
partial
T1496
Resource Hijacking
amazon_guardduty
Amazon GuardDuty
detect
partial
T1498
Network Denial of Service
amazon_guardduty
Amazon GuardDuty
detect
partial
T1498.001
Direct Network Flood
amazon_guardduty
Amazon GuardDuty
detect
partial
T1498.002
Reflection Amplification
amazon_guardduty
Amazon GuardDuty
detect
partial
T1526
Cloud Service Discovery
amazon_guardduty
Amazon GuardDuty
detect
partial
T1530
Data from Cloud Storage Object
amazon_guardduty
Amazon GuardDuty
detect
partial
T1531
Account Access Removal
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1552
Unsecured Credentials
amazon_guardduty
Amazon GuardDuty
detect
partial
T1552.001
Credentials In Files
amazon_guardduty
Amazon GuardDuty
detect
minimal
T1552.005
Cloud Instance Metadata API
amazon_guardduty
Amazon GuardDuty
detect
partial
T1562
Impair Defenses
amazon_guardduty
Amazon GuardDuty
detect
partial
T1562.001
Disable or Modify Tools
amazon_guardduty
Amazon GuardDuty
detect
partial
T1562.006
Indicator Blocking
amazon_guardduty
Amazon GuardDuty
detect
partial
T1562.008
Disable Cloud Logs
amazon_guardduty
Amazon GuardDuty
detect
partial
T1565
Data Manipulation
amazon_guardduty
Amazon GuardDuty
detect
partial
T1565.001
Stored Data Manipulation
amazon_guardduty
Amazon GuardDuty
detect
partial
T1566
Phishing
amazon_guardduty
Amazon GuardDuty
detect
partial
T1566.001
Spearphishing Attachment
amazon_guardduty
Amazon GuardDuty
detect
partial
T1566.002
Spearphishing Link
amazon_guardduty
Amazon GuardDuty
detect
partial
T1566.003
Spearphishing via Service
amazon_guardduty
Amazon GuardDuty
detect
partial
T1567
Exfiltration Over Web Service
amazon_guardduty
Amazon GuardDuty
detect
partial
T1567.001
Exfiltration to Code Repository
amazon_guardduty
Amazon GuardDuty
detect
partial
T1567.002
Exfiltration to Cloud Storage
amazon_guardduty
Amazon GuardDuty
detect
partial
T1567.003
Exfiltration to Text Storage Sites
amazon_guardduty
Amazon GuardDuty
detect
partial
T1567.004
Exfiltration Over Webhook
amazon_guardduty
Amazon GuardDuty
detect
partial
T1568
Dynamic Resolution
amazon_guardduty
Amazon GuardDuty
detect
partial
T1568.002
Domain Generation Algorithms
amazon_guardduty
Amazon GuardDuty
detect
partial
T1571
Non-Standard Port
amazon_guardduty
Amazon GuardDuty
detect
partial
T1580
Cloud Infrastructure Discovery
amazon_guardduty
Amazon GuardDuty
detect
partial
T1595
Active Scanning
amazon_guardduty
Amazon GuardDuty
detect
partial
T1595.001
Scanning IP Blocks
amazon_guardduty
Amazon GuardDuty
detect
partial
T1595.002
Vulnerability Scanning
amazon_guardduty
Amazon GuardDuty
detect
partial
T1619
Cloud Storage Object Discovery
amazon_guardduty
Amazon GuardDuty
detect
partial
T1622
Debugger Evasion
amazon_guardduty
Amazon GuardDuty
detect
partial
T1649
Steal or Forge Authentication Certificates
Capabilities
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
AWS
12.12.2024
Change Versions
Capability ID
Capability Name
Number of Mappings
amazon_guardduty
Amazon GuardDuty
69