AWSCloudTrail - Changes to Amazon VPC settings

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

Identifies changes to Amazon VPC(Virtual Private Cloud) settings that can alter network exposure, routing, or access controls. This rule identifies changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries, routes, routetable or Gateways. AWS VPC API Docs: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/OperationList-query-vpc.html'

Attribute	Value
Type	Analytic Rule
Solution	Amazon Web Services
ID	65360bb0-8986-4ade-a89d-af3cf44d28aa
Severity	Low
Status	Available
Kind	Scheduled
Tactics	PrivilegeEscalation, DefenseEvasion
Techniques	T1078, T1562.007
Required Connectors	AWS, AWSS3
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AWSCloudTrail	EventName in "CreateInternetGateway,CreateNatGateway,CreateNetworkAclEntry,CreateRoute,CreateRouteTable" EventSource != "apigateway.amazonaws.com"	✓	✓	✓

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Analytic Rules · Back to Amazon Web Services