ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
CVE
Google Cloud Platform (GCP)
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and AWS 12.12.2024.
Change versions here.
Home
Mapping Frameworks
AWS Home
AWS IoT Device Defender Capability Group
AWS
AWS IoT Device Defender
Capability Group
All Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
AWS
12.12.2024
Change Versions
Capability ID
Capability Description
Category
Value
ATT&CK ID
ATT&CK Name
aws_iot_device_defender
AWS IoT Device Defender
protect
minimal
T1020
Automated Exfiltration
aws_iot_device_defender
AWS IoT Device Defender
protect
partial
T1020.001
Traffic Duplication
aws_iot_device_defender
AWS IoT Device Defender
protect
partial
T1040
Network Sniffing
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1041
Exfiltration Over C2 Channel
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1046
Network Service Scanning
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1048
Exfiltration Over Alternative Protocol
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1048.001
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1048.002
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1048.003
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
aws_iot_device_defender
AWS IoT Device Defender
detect
minimal
T1071
Application Layer Protocol
aws_iot_device_defender
AWS IoT Device Defender
detect
minimal
T1078
Valid Accounts
aws_iot_device_defender
AWS IoT Device Defender
protect
minimal
T1078
Valid Accounts
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1078.004
Cloud Accounts
aws_iot_device_defender
AWS IoT Device Defender
protect
partial
T1078.004
Cloud Accounts
aws_iot_device_defender
AWS IoT Device Defender
detect
minimal
T1095
Non-Application Layer Protocol
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1496
Resource Hijacking
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1530
Data from Cloud Storage Object
aws_iot_device_defender
AWS IoT Device Defender
detect
minimal
T1552
Unsecured Credentials
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1552.004
Private Keys
aws_iot_device_defender
AWS IoT Device Defender
protect
minimal
T1557
Man-in-the-Middle
aws_iot_device_defender
AWS IoT Device Defender
detect
minimal
T1562
Impair Defenses
aws_iot_device_defender
AWS IoT Device Defender
respond
minimal
T1562
Impair Defenses
aws_iot_device_defender
AWS IoT Device Defender
detect
partial
T1562.008
Disable Cloud Logs
aws_iot_device_defender
AWS IoT Device Defender
respond
partial
T1562.008
Disable Cloud Logs
Capabilities
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
AWS
12.12.2024
Change Versions
Capability ID
Capability Name
Number of Mappings
aws_iot_device_defender
AWS IoT Device Defender
24