Detects a ransomware-like sequence where objects are read from an S3 bucket and then overwritten using an external KMS key. This pattern can indicate malicious encryption and potential data denial in the bucket.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Amazon Web Services |
| ID | b442b9e2-5cc4-4129-a85b-a5ef38a9e5f0 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | Impact |
| Techniques | T1486 |
| Required Connectors | AWS |
| Source | View on GitHub |
This content item queries data from the following tables:

| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AWSCloudTrail | EventName in "GetObject,PutObject" | ✓ | ✓ | ✓ |