Cloud Asset Inventory provides inventory services based on a time series database. Cloud Asset Inventory allows users to search asset metadata, export all asset metadata at a certain timestamp or export event change history during a specific timeframe, monitor asset changes by subscribing to real-time notifications, and analyze IAM policy to find out who has access to what.
| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| cloud_asset_inventory | Cloud Asset Inventory | detect | partial | T1078 | Valid Accounts |
Comments
This control may be able to detect when adversaries use valid cloud accounts to elevate privileges through manipulation of IAM or access policies. This monitoring can be fine tuned to specific assets, policies, and organizations.
References
|
| cloud_asset_inventory | Cloud Asset Inventory | detect | partial | T1078.004 | Cloud Accounts |
Comments
This control may be able to detect when adversaries use valid cloud accounts to elevate privileges through manipulation of IAM or access policies. This monitoring can be fine tuned to specific assets, policies, and organizations.
References
|
| cloud_asset_inventory | Cloud Asset Inventory | detect | partial | T1098 | Account Manipulation |
Comments
This control may be able to detect when adversaries use cloud accounts to elevate privileges through manipulation of IAM or access policies. This monitoring can be fine tuned to specific assets, policies, and organizations.
References
|
| cloud_asset_inventory | Cloud Asset Inventory | detect | partial | T1098.001 | Additional Cloud Credentials |
Comments
This control may be able to detect when adversaries use cloud accounts to elevate privileges through manipulation of IAM or access policies for the creation of additional accounts. This monitoring can be fine tuned to specific assets, policies, and organizations.
References
|