Files

.github
detection_rules
docs
kibana
kql
rta
rules
- _deprecated
- apm
- cross-platform
- integrations
  - aws
    - NOTICE.txt
    - collection_cloudtrail_logging_created.toml
    - credential_access_aws_iam_assume_role_brute_force.toml
    - credential_access_iam_user_addition_to_group.toml
    - credential_access_root_console_failure_brute_force.toml
    - credential_access_secretsmanager_getsecretvalue.toml
    - defense_evasion_cloudtrail_logging_deleted.toml
    - defense_evasion_cloudtrail_logging_suspended.toml
    - defense_evasion_cloudwatch_alarm_deletion.toml
    - defense_evasion_config_service_rule_deletion.toml
    - defense_evasion_configuration_recorder_stopped.toml
    - defense_evasion_ec2_flow_log_deletion.toml
    - defense_evasion_ec2_network_acl_deletion.toml
    - defense_evasion_elasticache_security_group_creation.toml
    - defense_evasion_elasticache_security_group_modified_or_deleted.toml
    - defense_evasion_guardduty_detector_deletion.toml
    - defense_evasion_s3_bucket_configuration_deletion.toml
    - defense_evasion_waf_acl_deletion.toml
    - defense_evasion_waf_rule_or_rule_group_deletion.toml
    - exfiltration_ec2_full_network_packet_capture_detected.toml
    - exfiltration_ec2_snapshot_change_activity.toml
    - exfiltration_ec2_vm_export_failure.toml
    - exfiltration_rds_snapshot_export.toml
    - exfiltration_rds_snapshot_restored.toml
    - impact_aws_eventbridge_rule_disabled_or_deleted.toml
    - impact_cloudtrail_logging_updated.toml
    - impact_cloudwatch_log_group_deletion.toml
    - impact_cloudwatch_log_stream_deletion.toml
    - impact_ec2_disable_ebs_encryption.toml
    - impact_efs_filesystem_or_mount_deleted.toml
    - impact_iam_deactivate_mfa_device.toml
    - impact_iam_group_deletion.toml
    - impact_rds_group_deletion.toml
    - impact_rds_instance_cluster_deletion.toml
    - impact_rds_instance_cluster_stoppage.toml
    - initial_access_console_login_root.toml
    - initial_access_password_recovery.toml
    - initial_access_via_system_manager.toml
    - ml_cloudtrail_error_message_spike.toml
    - ml_cloudtrail_rare_error_code.toml
    - ml_cloudtrail_rare_method_by_city.toml
    - ml_cloudtrail_rare_method_by_country.toml
    - ml_cloudtrail_rare_method_by_user.toml
    - persistence_ec2_network_acl_creation.toml
    - persistence_ec2_security_group_configuration_change_detection.toml
    - persistence_iam_group_creation.toml
    - persistence_rds_cluster_creation.toml
    - persistence_rds_group_creation.toml
    - persistence_rds_instance_creation.toml
    - persistence_redshift_instance_creation.toml
    - persistence_route_53_domain_transfer_lock_disabled.toml
    - persistence_route_53_domain_transferred_to_another_account.toml
    - persistence_route_53_hosted_zone_associated_with_a_vpc.toml
    - persistence_route_table_created.toml
    - persistence_route_table_modified_or_deleted.toml
    - privilege_escalation_aws_suspicious_saml_activity.toml
    - privilege_escalation_root_login_without_mfa.toml
    - privilege_escalation_sts_assumerole_usage.toml
    - privilege_escalation_sts_getsessiontoken_abuse.toml
    - privilege_escalation_updateassumerolepolicy.toml
  - azure
  - cyberarkpas
  - endpoint
  - gcp
  - google_workspace
  - o365
  - okta
- linux
- macos
- ml
- network
- promotions
- windows
- README.md
tests
.gitignore
CLI.md
CONTRIBUTING.md
LICENSE.txt
Makefile
NOTICE.txt
PHILOSOPHY.md
README.md
pyproject.toml
requirements-dev.txt
requirements.txt
setup.cfg

aws

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

aws

aws

Name		Name	Last commit message	Last commit date
parent directory ..
NOTICE.txt		NOTICE.txt
collection_cloudtrail_logging_created.toml		collection_cloudtrail_logging_created.toml
credential_access_aws_iam_assume_role_brute_force.toml		credential_access_aws_iam_assume_role_brute_force.toml
credential_access_iam_user_addition_to_group.toml		credential_access_iam_user_addition_to_group.toml
credential_access_root_console_failure_brute_force.toml		credential_access_root_console_failure_brute_force.toml
credential_access_secretsmanager_getsecretvalue.toml		credential_access_secretsmanager_getsecretvalue.toml
defense_evasion_cloudtrail_logging_deleted.toml		defense_evasion_cloudtrail_logging_deleted.toml
defense_evasion_cloudtrail_logging_suspended.toml		defense_evasion_cloudtrail_logging_suspended.toml
defense_evasion_cloudwatch_alarm_deletion.toml		defense_evasion_cloudwatch_alarm_deletion.toml
defense_evasion_config_service_rule_deletion.toml		defense_evasion_config_service_rule_deletion.toml
defense_evasion_configuration_recorder_stopped.toml		defense_evasion_configuration_recorder_stopped.toml
defense_evasion_ec2_flow_log_deletion.toml		defense_evasion_ec2_flow_log_deletion.toml
defense_evasion_ec2_network_acl_deletion.toml		defense_evasion_ec2_network_acl_deletion.toml
defense_evasion_elasticache_security_group_creation.toml		defense_evasion_elasticache_security_group_creation.toml
defense_evasion_elasticache_security_group_modified_or_deleted.toml		defense_evasion_elasticache_security_group_modified_or_deleted.toml
defense_evasion_guardduty_detector_deletion.toml		defense_evasion_guardduty_detector_deletion.toml
defense_evasion_s3_bucket_configuration_deletion.toml		defense_evasion_s3_bucket_configuration_deletion.toml
defense_evasion_waf_acl_deletion.toml		defense_evasion_waf_acl_deletion.toml
defense_evasion_waf_rule_or_rule_group_deletion.toml		defense_evasion_waf_rule_or_rule_group_deletion.toml
exfiltration_ec2_full_network_packet_capture_detected.toml		exfiltration_ec2_full_network_packet_capture_detected.toml
exfiltration_ec2_snapshot_change_activity.toml		exfiltration_ec2_snapshot_change_activity.toml
exfiltration_ec2_vm_export_failure.toml		exfiltration_ec2_vm_export_failure.toml
exfiltration_rds_snapshot_export.toml		exfiltration_rds_snapshot_export.toml
exfiltration_rds_snapshot_restored.toml		exfiltration_rds_snapshot_restored.toml
impact_aws_eventbridge_rule_disabled_or_deleted.toml		impact_aws_eventbridge_rule_disabled_or_deleted.toml
impact_cloudtrail_logging_updated.toml		impact_cloudtrail_logging_updated.toml
impact_cloudwatch_log_group_deletion.toml		impact_cloudwatch_log_group_deletion.toml
impact_cloudwatch_log_stream_deletion.toml		impact_cloudwatch_log_stream_deletion.toml
impact_ec2_disable_ebs_encryption.toml		impact_ec2_disable_ebs_encryption.toml
impact_efs_filesystem_or_mount_deleted.toml		impact_efs_filesystem_or_mount_deleted.toml
impact_iam_deactivate_mfa_device.toml		impact_iam_deactivate_mfa_device.toml
impact_iam_group_deletion.toml		impact_iam_group_deletion.toml
impact_rds_group_deletion.toml		impact_rds_group_deletion.toml
impact_rds_instance_cluster_deletion.toml		impact_rds_instance_cluster_deletion.toml
impact_rds_instance_cluster_stoppage.toml		impact_rds_instance_cluster_stoppage.toml
initial_access_console_login_root.toml		initial_access_console_login_root.toml
initial_access_password_recovery.toml		initial_access_password_recovery.toml
initial_access_via_system_manager.toml		initial_access_via_system_manager.toml
ml_cloudtrail_error_message_spike.toml		ml_cloudtrail_error_message_spike.toml
ml_cloudtrail_rare_error_code.toml		ml_cloudtrail_rare_error_code.toml
ml_cloudtrail_rare_method_by_city.toml		ml_cloudtrail_rare_method_by_city.toml
ml_cloudtrail_rare_method_by_country.toml		ml_cloudtrail_rare_method_by_country.toml
ml_cloudtrail_rare_method_by_user.toml		ml_cloudtrail_rare_method_by_user.toml
persistence_ec2_network_acl_creation.toml		persistence_ec2_network_acl_creation.toml
persistence_ec2_security_group_configuration_change_detection.toml		persistence_ec2_security_group_configuration_change_detection.toml
persistence_iam_group_creation.toml		persistence_iam_group_creation.toml
persistence_rds_cluster_creation.toml		persistence_rds_cluster_creation.toml
persistence_rds_group_creation.toml		persistence_rds_group_creation.toml
persistence_rds_instance_creation.toml		persistence_rds_instance_creation.toml
persistence_redshift_instance_creation.toml		persistence_redshift_instance_creation.toml
persistence_route_53_domain_transfer_lock_disabled.toml		persistence_route_53_domain_transfer_lock_disabled.toml
persistence_route_53_domain_transferred_to_another_account.toml		persistence_route_53_domain_transferred_to_another_account.toml
persistence_route_53_hosted_zone_associated_with_a_vpc.toml		persistence_route_53_hosted_zone_associated_with_a_vpc.toml
persistence_route_table_created.toml		persistence_route_table_created.toml
persistence_route_table_modified_or_deleted.toml		persistence_route_table_modified_or_deleted.toml
privilege_escalation_aws_suspicious_saml_activity.toml		privilege_escalation_aws_suspicious_saml_activity.toml
privilege_escalation_root_login_without_mfa.toml		privilege_escalation_root_login_without_mfa.toml
privilege_escalation_sts_assumerole_usage.toml		privilege_escalation_sts_assumerole_usage.toml
privilege_escalation_sts_getsessiontoken_abuse.toml		privilege_escalation_sts_getsessiontoken_abuse.toml
privilege_escalation_updateassumerolepolicy.toml		privilege_escalation_updateassumerolepolicy.toml

Files

aws

Directory actions

More options

Directory actions

More options

Latest commit

History

aws

Folders and files

parent directory