elastic / detection-rules

https://www.elastic.co/guide/en/security/current/detection-engine-overview.html

[New Rule] AWS ElastiCache Security Group Created #1354

Closed austinsonger closed 3 years ago

austinsonger commented 3 years ago

Description

Identifies when an ElastiCache security group has been created.

Required Info

Target indexes

filebeat-*, logs-aws*

Platforms

AWS CloudTrail

Optional Info

Query

event.dataset:aws.cloudtrail and event.provider:elasticache.amazonaws.com and
event.action:"Create Cache Security Group" and event.outcome:success

New fields required in ECS/data sources for this rule?

Related issues or PRs

False Positives

MITRE

ATT&CK Tactic: Credential Access, Persistence

ATT&CK Technique: Account Manipulation

References
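The query above, evaluated over sample CloudTrail events, as an added example that is not part of the issue or of the elastic/detection-rules code base. It implements only the KQL subset the proposed query uses (field:value terms, double-quoted values, `and`), and the sample records are hand-constructed ECS-shaped documents, not real logs; they assume the ingest pipeline has already populated event.action with the exact literal the query expects and set event.outcome to "failure" for denied calls.

```python
"""Run the proposed ElastiCache security-group query over sample ECS events.

Added example for this issue, not code from elastic/detection-rules. It
implements only the KQL subset the query uses (field:value terms, double-quoted
values, `and`) and evaluates it over hand-constructed, ECS-shaped CloudTrail
records.
"""
import re
from typing import Any, Dict, List, Optional, Tuple

# Query exactly as proposed in the issue.
RULE_QUERY = (
    "event.dataset:aws.cloudtrail and event.provider:elasticache.amazonaws.com and "
    'event.action:"Create Cache Security Group" and event.outcome:success'
)

# One KQL term: a dotted field name, a colon, then either a "quoted value" or a bare token.
_TERM = re.compile(r'([\w.@-]+):(?:"([^"]*)"|(\S+))')


def parse_query(query: str) -> List[Tuple[str, str]]:
    """Turn a conjunction of field:value terms into (field, value) pairs.

    Anything other than terms joined by `and` is rejected, so a query that
    needs `or`, `not`, wildcards or ranges fails loudly instead of silently
    matching nothing.
    """
    terms: List[Tuple[str, str]] = []
    pos = 0
    for m in _TERM.finditer(query):
        glue = query[pos:m.start()].strip()
        if glue and glue.lower() != "and":
            raise ValueError(f"unsupported KQL near {glue!r}")
        value = m.group(2) if m.group(2) is not None else m.group(3)
        terms.append((m.group(1), value))
        pos = m.end()
    if query[pos:].strip():
        raise ValueError(f"unsupported KQL near {query[pos:].strip()!r}")
    if not terms:
        raise ValueError("query contains no field:value terms")
    return terms


def get_field(doc: Dict[str, Any], path: str) -> Optional[Any]:
    """Resolve a dotted ECS field against a nested (or already flattened) document."""
    if path in doc:
        return doc[path]
    cur: Any = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def run_rule(query: str, events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return the events that satisfy every term of the query (keyword-style exact match)."""
    terms = parse_query(query)
    return [e for e in events if all(get_field(e, f) == v for f, v in terms)]


# Constructed sample records shaped like ECS output for CloudTrail; not real logs.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {   # successful create: the only record the rule should fire on
        "event": {"dataset": "aws.cloudtrail", "provider": "elasticache.amazonaws.com",
                  "action": "Create Cache Security Group", "outcome": "success"},
        "user": {"name": "alice"}, "cloud": {"account": {"id": "111111111111"}},
    },
    {   # same API call denied by IAM: event.outcome is failure, so no alert
        "event": {"dataset": "aws.cloudtrail", "provider": "elasticache.amazonaws.com",
                  "action": "Create Cache Security Group", "outcome": "failure"},
        "user": {"name": "bob"}, "cloud": {"account": {"id": "111111111111"}},
    },
    {   # a different ElastiCache action: not this rule's concern
        "event": {"dataset": "aws.cloudtrail", "provider": "elasticache.amazonaws.com",
                  "action": "Delete Cache Security Group", "outcome": "success"},
        "user": {"name": "alice"}, "cloud": {"account": {"id": "111111111111"}},
    },
    {   # an EC2 security group, not ElastiCache: event.provider does not match
        "event": {"dataset": "aws.cloudtrail", "provider": "ec2.amazonaws.com",
                  "action": "CreateSecurityGroup", "outcome": "success"},
        "user": {"name": "carol"}, "cloud": {"account": {"id": "111111111111"}},
    },
]

if __name__ == "__main__":
    for hit in run_rule(RULE_QUERY, SAMPLE_EVENTS):
        print(f"ALERT account={get_field(hit, 'cloud.account.id')} user={get_field(hit, 'user.name')}")
```

The denied call is the case worth keeping in a unit test: without the event.outcome:success term the rule would also fire on reconnaissance attempts that IAM blocked, which may or may not be what you want, but it is a deliberate choice rather than an accident.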

botelastic[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

austinsonger commented 3 years ago

I'm just leaving a comment for activity.