AWS Security Hub Capability Group

All Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- | --- |
| aws_security_hub | AWS Security Hub | detect | partial | T1068 | Exploitation for Privilege Escalation |
| aws_security_hub | AWS Security Hub | detect | minimal | T1078 | Valid Accounts |
| aws_security_hub | AWS Security Hub | detect | significant | T1078.004 | Cloud Accounts |
| aws_security_hub | AWS Security Hub | detect | minimal | T1098 | Account Manipulation |
| aws_security_hub | AWS Security Hub | detect | significant | T1098.001 | Additional Cloud Credentials |
| aws_security_hub | AWS Security Hub | detect | minimal | T1110 | Brute Force |
| aws_security_hub | AWS Security Hub | detect | minimal | T1110.001 | Password Guessing |
| aws_security_hub | AWS Security Hub | detect | minimal | T1110.003 | Password Spraying |
| aws_security_hub | AWS Security Hub | detect | minimal | T1110.004 | Credential Stuffing |
| aws_security_hub | AWS Security Hub | detect | partial | T1190 | Exploit Public-Facing Application |
| aws_security_hub | AWS Security Hub | detect | partial | T1203 | Exploitation for Client Execution |
| aws_security_hub | AWS Security Hub | detect | partial | T1210 | Exploitation of Remote Services |
| aws_security_hub | AWS Security Hub | detect | partial | T1211 | Exploitation for Defense Evasion |
| aws_security_hub | AWS Security Hub | detect | partial | T1212 | Exploitation for Credential Access |
| aws_security_hub | AWS Security Hub | detect | minimal | T1485 | Data Destruction |
| aws_security_hub | AWS Security Hub | detect | partial | T1530 | Data from Cloud Storage Object |
| aws_security_hub | AWS Security Hub | detect | partial | T1531 | Account Access Removal |
| aws_security_hub | AWS Security Hub | protect | significant | T1543.005 | Container Service |
| aws_security_hub | AWS Security Hub | detect | partial | T1562 | Impair Defenses |
| aws_security_hub | AWS Security Hub | detect | significant | T1562.001 | Disable or Modify Tools |
| aws_security_hub | AWS Security Hub | detect | significant | T1562.007 | Disable or Modify Cloud Firewall |
| aws_security_hub | AWS Security Hub | detect | significant | T1562.008 | Disable Cloud Logs |
| aws_security_hub | AWS Security Hub | detect | partial | T1580 | Cloud Infrastructure Discovery |
| aws_security_hub | AWS Security Hub | detect | minimal | T1589 | Gather Victim Identity Information |
| aws_security_hub | AWS Security Hub | detect | minimal | T1589.001 | Credentials |
| aws_security_hub | AWS Security Hub | detect | minimal | T1589.002 | Email Addresses |
| aws_security_hub | AWS Security Hub | detect | minimal | T1589.003 | Employee Names |
| aws_security_hub | AWS Security Hub | detect | minimal | T1590 | Gather Victim Network Information |
| aws_security_hub | AWS Security Hub | detect | minimal | T1590.001 | Domain Properties |
| aws_security_hub | AWS Security Hub | detect | minimal | T1590.002 | DNS |
| aws_security_hub | AWS Security Hub | detect | minimal | T1590.003 | Network Trust Dependencies |
| aws_security_hub | AWS Security Hub | detect | minimal | T1590.004 | Network Topology |
| aws_security_hub | AWS Security Hub | detect | minimal | T1590.005 | IP Addresses |
| aws_security_hub | AWS Security Hub | detect | minimal | T1590.006 | Network Security Appliances |
| aws_security_hub | AWS Security Hub | detect | minimal | T1591 | Gather Victim Org Information |
| aws_security_hub | AWS Security Hub | detect | minimal | T1591.001 | Determine Physical Locations |
| aws_security_hub | AWS Security Hub | detect | minimal | T1591.002 | Business Relationships |
| aws_security_hub | AWS Security Hub | detect | minimal | T1591.003 | Identify Business Tempo |
| aws_security_hub | AWS Security Hub | detect | minimal | T1591.004 | Identify Roles |
| aws_security_hub | AWS Security Hub | detect | minimal | T1592 | Gather Victim Host Information |
| aws_security_hub | AWS Security Hub | detect | minimal | T1592.001 | Hardware |
| aws_security_hub | AWS Security Hub | detect | minimal | T1592.002 | Software |
| aws_security_hub | AWS Security Hub | detect | minimal | T1592.003 | Firmware |
| aws_security_hub | AWS Security Hub | detect | minimal | T1592.004 | Client Configurations |
| aws_security_hub | AWS Security Hub | protect | partial | T1651 | Cloud Administration Command |

Capabilities

| Capability ID | Capability Name | Number of Mappings |
| --- | --- | --- |
| aws_security_hub | AWS Security Hub | 45 |