Analytics Alerts

Browse the Cortex analytics alert reference.

Severity
Detection module
Data source

2 alerts match the current filters. tactic: TA0005 ✕ technique: T1486 ✕

Show ATT&CK heatmap
  • An AWS S3 bucket configuration was modified Informational Cloud

    An AWS S3 bucket configuration has been modified.

    Activation:
    14 Days
    Training:
    30 Days
    Test:
    N/A (single event)
    Deduplication:
    5 Days
    ATT&CK tactics: Defense Evasion (TA0005) Impact (TA0040)
    ATT&CK techniques: Impair Defenses (T1562) Data Encrypted for Impact (T1486)
    Required data: AWS Audit Log
    Detector tags: Cloud Data Asset Configuration, Data Detection & Response
    Attacker's goals: Modify storage configuration to detection or allow access to sensitive information.
    Investigative actions: Examine AWS S3 access to identify any suspicious activity. Check which S3 buckets were affected.
  • Suspicious data encryption Low

    Known applications were used to encrypt data within a machine's local file system.

    Activation:
    14 Days
    Training:
    30 Days
    Test:
    N/A (single event)
    Deduplication:
    1 Day
    ATT&CK tactics: Impact (TA0040) Defense Evasion (TA0005)
    ATT&CK techniques: Data Encrypted for Impact (T1486) Obfuscated Files or Information: Encrypted/Encoded File (T1027.013)
    Required data: XDR Agent
    Attacker's goals: Damage or hide data on the local file system.
    Investigative actions: Check if the action was done using an automation service. Check if there are any other suspicious activities originated from the same machine/executing user.