Analytics Alerts
Browse the Cortex analytics alert reference.
2 alerts match the current filters. tactic: TA0005 ✕ technique: T1486 ✕
Show ATT&CK heatmapAn AWS S3 bucket configuration was modified Informational Cloud
An AWS S3 bucket configuration has been modified.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- N/A (single event)
- Deduplication:
- 5 Days
ATT&CK tactics: Defense Evasion (TA0005) Impact (TA0040)ATT&CK techniques: Impair Defenses (T1562) Data Encrypted for Impact (T1486)Required data: AWS Audit LogDetector tags: Cloud Data Asset Configuration, Data Detection & ResponseAttacker's goals: Modify storage configuration to detection or allow access to sensitive information.Investigative actions: Examine AWS S3 access to identify any suspicious activity. Check which S3 buckets were affected.Suspicious data encryption Low
Known applications were used to encrypt data within a machine's local file system.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- N/A (single event)
- Deduplication:
- 1 Day
ATT&CK tactics: Impact (TA0040) Defense Evasion (TA0005)ATT&CK techniques: Data Encrypted for Impact (T1486) Obfuscated Files or Information: Encrypted/Encoded File (T1027.013)Required data: XDR AgentAttacker's goals: Damage or hide data on the local file system.Investigative actions: Check if the action was done using an automation service. Check if there are any other suspicious activities originated from the same machine/executing user.