AWSCloudTrail - Changes to internet facing AWS RDS Database instances



Identifies AWS CloudTrail events associated with changes to Amazon RDS database security groups and database security group ingress rules, which may indicate unauthorized modification of internet-facing RDS access. Validate whether the change was authorized and consistent with change control policy. RDS API Reference Docs: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Operations.html

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Amazon Web Services |
| ID | 8c2ef238-67a0-497d-b1dd-5c8a0f533e25 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | Persistence, PrivilegeEscalation, DefenseEvasion |
| Techniques | T1098.001, T1562.007 |
| Required Connectors | AWS, AWSS3 |
| Source | View on GitHub |

Tables Used

This content item queries data from the following tables:

| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AWSCloudTrail | EventName in "AuthorizeDBSecurityGroupIngress,CreateDBSecurityGroup,DeleteDBSecurityGroup,RevokeDBSecurityGroupIngress" | | | |
