AWS Security Hub - EC2 instances with public IPv4 address

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This query finds EC2 instances that have a public IPv4 address using AWS Security Hub findings (control EC2.9).

Attribute	Value
Type	Hunting Query
Solution	AWS Security Hub
ID	2b7f9e4e-6c3a-4c8f-9b1d-1a2f3e4c5d6b
Tactics	InitialAccess, Exfiltration
Techniques	T1133, T1021
Required Connectors	AWSSecurityHub
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AWSSecurityHubFindings	AwsSecurityFindingGeneratorId == "security-control/EC2.9" ComplianceSecurityControlId == "EC2.9" ComplianceStatus == "FAILED" RecordState == "ACTIVE"	✓	✓	✓

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries · Back to AWS Security Hub