ABOUT
Overview
Use Cases
Mapping Methodology
Scoring Rubric
Related Projects
ATT&CK OBJECTS
Matrix
Tactics
Techniques
MAPPING FRAMEWORKS
About Mappings
Amazon Web Services (AWS)
Azure
CVE
Google Cloud Platform (GCP)
NIST 800-53
M365
VERIS
You're currently viewing ATT&CK Version 16.1 Enterprise and AWS 12.12.2024.
Change versions here.
Home
Mapping Frameworks
AWS Home
AWS Security Hub Capability Group
AWS
AWS Security Hub
Capability Group
All Mappings
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
AWS
12.12.2024
Change Versions
Capability ID
Capability Description
Category
Value
ATT&CK ID
ATT&CK Name
aws_security_hub
AWS Security Hub
detect
partial
T1068
Exploitation for Privilege Escalation
aws_security_hub
AWS Security Hub
detect
minimal
T1078
Valid Accounts
aws_security_hub
AWS Security Hub
detect
significant
T1078.004
Cloud Accounts
aws_security_hub
AWS Security Hub
detect
minimal
T1098
Account Manipulation
aws_security_hub
AWS Security Hub
detect
significant
T1098.001
Additional Cloud Credentials
aws_security_hub
AWS Security Hub
detect
minimal
T1110
Brute Force
aws_security_hub
AWS Security Hub
detect
minimal
T1110.001
Password Guessing
aws_security_hub
AWS Security Hub
detect
minimal
T1110.003
Password Spraying
aws_security_hub
AWS Security Hub
detect
minimal
T1110.004
Credential Stuffing
aws_security_hub
AWS Security Hub
detect
partial
T1190
Exploit Public-Facing Application
aws_security_hub
AWS Security Hub
detect
partial
T1203
Exploitation for Client Execution
aws_security_hub
AWS Security Hub
detect
partial
T1210
Exploitation of Remote Services
aws_security_hub
AWS Security Hub
detect
partial
T1211
Exploitation for Defense Evasion
aws_security_hub
AWS Security Hub
detect
partial
T1212
Exploitation for Credential Access
aws_security_hub
AWS Security Hub
detect
minimal
T1485
Data Destruction
aws_security_hub
AWS Security Hub
detect
partial
T1530
Data from Cloud Storage Object
aws_security_hub
AWS Security Hub
detect
partial
T1531
Account Access Removal
aws_security_hub
AWS Security Hub
protect
significant
T1543.005
Container Service
aws_security_hub
AWS Security Hub
detect
partial
T1562
Impair Defenses
aws_security_hub
AWS Security Hub
detect
significant
T1562.001
Disable or Modify Tools
aws_security_hub
AWS Security Hub
detect
significant
T1562.007
Disable or Modify Cloud Firewall
aws_security_hub
AWS Security Hub
detect
significant
T1562.008
Disable Cloud Logs
aws_security_hub
AWS Security Hub
detect
partial
T1580
Cloud Infrastructure Discovery
aws_security_hub
AWS Security Hub
detect
minimal
T1589
Gather Victim Identity Information
aws_security_hub
AWS Security Hub
detect
minimal
T1589.001
Credentials
aws_security_hub
AWS Security Hub
detect
minimal
T1589.002
Email Addresses
aws_security_hub
AWS Security Hub
detect
minimal
T1589.003
Employee Names
aws_security_hub
AWS Security Hub
detect
minimal
T1590
Gather Victim Network Information
aws_security_hub
AWS Security Hub
detect
minimal
T1590.001
Domain Properties
aws_security_hub
AWS Security Hub
detect
minimal
T1590.002
DNS
aws_security_hub
AWS Security Hub
detect
minimal
T1590.003
Network Trust Dependencies
aws_security_hub
AWS Security Hub
detect
minimal
T1590.004
Network Topology
aws_security_hub
AWS Security Hub
detect
minimal
T1590.005
IP Addresses
aws_security_hub
AWS Security Hub
detect
minimal
T1590.006
Network Security Appliances
aws_security_hub
AWS Security Hub
detect
minimal
T1591
Gather Victim Org Information
aws_security_hub
AWS Security Hub
detect
minimal
T1591.001
Determine Physical Locations
aws_security_hub
AWS Security Hub
detect
minimal
T1591.002
Business Relationships
aws_security_hub
AWS Security Hub
detect
minimal
T1591.003
Identify Business Tempo
aws_security_hub
AWS Security Hub
detect
minimal
T1591.004
Identify Roles
aws_security_hub
AWS Security Hub
detect
minimal
T1592
Gather Victim Host Information
aws_security_hub
AWS Security Hub
detect
minimal
T1592.001
Hardware
aws_security_hub
AWS Security Hub
detect
minimal
T1592.002
Software
aws_security_hub
AWS Security Hub
detect
minimal
T1592.003
Firmware
aws_security_hub
AWS Security Hub
detect
minimal
T1592.004
Client Configurations
aws_security_hub
AWS Security Hub
protect
partial
T1651
Cloud Administration Command
Capabilities
ATT&CK Version
16.1
ATT&CK Domain
Enterprise
AWS
12.12.2024
Change Versions
Capability ID
Capability Name
Number of Mappings
aws_security_hub
AWS Security Hub
45