This detection identifies potentially suspicious activity across multi-cloud environments by correlating AWS GuardDuty findings with GCP Audit Logs. On the AWS side it focuses on findings related to unauthorized access, credential abuse, and unusual behavior; on the GCP side it looks for instance creation performed by principals that are not Google service accounts. The query aims to give a consolidated view of cross-cloud security incidents to support proactive threat detection and response.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Multi Cloud Attack Coverage Essentials - Resource Abuse |
| ID | 5c847e47-0a07-4c01-ab99-5817ad6cb11e |
| Severity | Low |
| Kind | Scheduled |
| Tactics | InitialAccess, Execution, Persistence, PrivilegeEscalation, CredentialAccess, Discovery, LateralMovement |
| Techniques | T1566, T1059, T1078, T1547, T1548, T1069, T1552 |
| Required Connectors | GCPAuditLogsDefinition, AWSS3 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| AWSGuardDuty | ✓ | ✓ | ? |
| GCPAuditLogs | ✓ | ✓ | ? |