Analytics Alerts

Browse the Cortex analytics alert reference.

Severity
Detection module
Data source

1 alert match the current filters. tactic: TA0007 ✕ technique: T1518 ✕

Show ATT&CK heatmap
  • AWS Security Service Enumeration Informational Cloud 1 variation

    AWS security service enumeration activity, potentially indicating reconnaissance.

    Activation:
    14 Days
    Training:
    30 Days
    Test:
    15 Minutes
    Deduplication:
    5 Days
    ATT&CK tactics: Discovery (TA0007)
    ATT&CK techniques: Software Discovery (T1518) Software Discovery: Security Software Discovery (T1518.001) Cloud Infrastructure Discovery (T1580)
    Required data: AWS Audit Log
    Attacker's goals: Reconnaissance of security defenses to assess and identify exploitable weaknesses.
    Investigative actions: Review which API calls were executed and their frequency. Analyze the identity performing the actions. Inspect configurations of enumerated services.

    Variations

    AWS Multiple Security Services Enumeration

    Informational overridden

    AWS security service enumeration activity, potentially indicating reconnaissance. overridden