Skip to content

Latest commit

 

History

History
20 lines (18 loc) · 4.18 KB

ds_amazon_aws_redshift.md

File metadata and controls

20 lines (18 loc) · 4.18 KB

Vendor: Amazon

Product: AWS Redshift

Rules Models MITRE TTPs Event Types Parsers
29 12 5 1 1
Use-Case Event Types/Parsers MITRE TTP Content
Compromised Credentials security-alert
cef-aws-redshift-db-query
 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
  • 22 Rules
  • 10 Models
Lateral Movement security-alert
cef-aws-redshift-db-query
 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Malware security-alert
cef-aws-redshift-db-query
 TA0002 - TA0002
  • 4 Rules
  • 2 Models
Privileged Activity security-alert
cef-aws-redshift-db-query
 T1068 - Exploitation for Privilege Escalation
  • 1 Rules

ATT&CK Matrix for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

 External Remote Services

Valid Accounts

 Valid Accounts

Exploitation for Privilege Escalation

 Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information