EXPLORE
Sign In
← Back to Explore
T1686.001

Cloud Firewall

Adversaries may disable or modify a firewall within a cloud environment to bypass controls that limit access to cloud resources. Cloud environments typically utilize restrictive security groups and firewall rules that only allow network activity from trusted IP addresses via expected ports and protocols. An adversary with appropriate permissions may introduce new firewall rules or policies to allow access into a victim cloud environment and/or move laterally from the cloud control plane to the ...

IaaS
12
Detections
2
Sources
0
Threat Actors

BY SOURCE

7splunk_escu5sigma

PROCEDURES (6)

Network Connection Monitoring3 detections

Auto-extracted: 3 detections for network connection monitoring

Network Connection Monitoring3 detections

Auto-extracted: 3 detections for network connection monitoring

Aws2 detections

Auto-extracted: 2 detections for aws

Aws2 detections

Auto-extracted: 2 detections for aws

Ransomware2 detections

Auto-extracted: 2 detections for ransomware

Bypass1 detections

Auto-extracted: 1 detections for bypass

DETECTIONS (12)

Allow File And Printing Sharing In Firewall
splunk_escu
Allow Network Discovery In Firewall
splunk_escu
ASL AWS Network Access Control List Created with All Open Ports
splunk_escu
ASL AWS Network Access Control List Deleted
splunk_escu
AWS Network Access Control List Created with All Open Ports
splunk_escu
AWS Network Access Control List Deleted
splunk_escu
Azure Firewall Modified or Deleted
sigmamedium
Azure Firewall Rule Collection Modified or Deleted
sigmamedium
Azure Network Firewall Policy Modified or Deleted
sigmamedium
New Network ACL Entry Added
sigmalow
New Network Route Added
sigmamedium
O365 Bypass MFA via Trusted IP
splunk_escu