AWS Network Gateway created or modified

cloudtrail

Classification:

compliance

Tactic:

TA0005-defense-evasion

Technique:

T1562-impair-defenses

Framework:

cis-aws

Control:

4.12

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detect when an AWS Network Gateway has been created or modified.

Strategy

Monitor CloudTrail and detect when an AWS Network Gateway has been created or modified with one of the following API calls:

Triage and response

  1. Determine if the API call: {{@evt.name}} should have occurred.
  2. If it shouldn’t have been made:
    • Contact the user: {{@userIdentity.arn}} and see if they made the API call.
  3. If the API call was not made by the user:
    • Rotate the user credentials.
    • Determine what other API calls were made with the old credentials that were not made by the user.

Changelog

6 April 2022 - Updated rule cases and signal message.

PREVIEWING: dgreen15/github-error-fix