EXPLORE
Sign In
← Back to Explore
T1578

Modify Cloud Compute Infrastructure

An adversary may attempt to modify a cloud account's compute service infrastructure to evade defenses. A modification to the compute service infrastructure can include the creation, deletion, or modification of one or more components such as compute instances, virtual machines, and snapshots. Permissions gained from the modification of infrastructure components may bypass restrictions that prevent access to existing infrastructure. Modifying infrastructure components may also allow an adversary...

IaaS
19
Detections
3
Sources
0
Threat Actors

BY SOURCE

17elastic1kql1sigma

PROCEDURES (17)

Cloud3 detections

Auto-extracted: 3 detections for cloud

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

Encrypt1 detections

Auto-extracted: 1 detections for encrypt

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

C21 detections

Auto-extracted: 1 detections for c2

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Bypass1 detections

Auto-extracted: 1 detections for bypass

Api1 detections

Auto-extracted: 1 detections for api

Api1 detections

Auto-extracted: 1 detections for api

Persist1 detections

Auto-extracted: 1 detections for persist

Bypass1 detections

Auto-extracted: 1 detections for bypass

Aws1 detections

Auto-extracted: 1 detections for aws

Service1 detections

Auto-extracted: 1 detections for service

Encrypt1 detections

Auto-extracted: 1 detections for encrypt

Credential1 detections

Auto-extracted: 1 detections for credential

C21 detections

Auto-extracted: 1 detections for c2

Cloud1 detections

Auto-extracted: 1 detections for cloud

DETECTIONS (19)

AWS EC2 EBS Snapshot Access Removed
elasticmedium
AWS EC2 Encryption Disabled
elasticmedium
AWS EC2 Network Access Control List Creation
elasticlow
AWS EC2 Route Table Created
elasticlow
AWS EC2 Route Table Modified or Deleted
elasticlow
AWS EC2 Security Group Configuration Change
elasticlow
AWS EC2 Serial Console Access Enabled
elastichigh
AWS EC2 Stop, Start, and User Data Modification Correlation
elastichigh
AWS Lambda Function Policy Updated to Allow Public Invocation
elasticmedium
AWS Lambda Layer Added to Existing Function
elasticlow
AWS RDS DB Instance or Cluster Deletion Protection Disabled
elasticmedium
AWS RDS DB Instance Restored
elasticmedium
Azure Active Directory Hybrid Health AD FS New Server
sigmamedium
Azure Key Vault Modified
elasticlow
Azure VM Extension Deployment by User
elasticmedium
GCP Storage Bucket Configuration Modification
elasticmedium
GCP Virtual Private Cloud Route Creation
elasticlow
GCP Virtual Private Cloud Route Deletion
elasticmedium
Large Number of Virtual Machines started
kql