Rules Contributing to Suspicious AWS VPC Flow Logs Modification Alert

The following rules are used to identify suspicious modification of AWS VPC Flow Logs. Any one or more of these rules will trigger the Suspicious AWS VPC Flow Logs Modification alert. Details for each rule can be viewed by clicking the More Details link in the description.

| Title | Description |
| --- | --- |
| AWS VPC Flow Logs Deletion | Identifies the deletion of one or more flow logs in AWS Elastic Compute Cloud (EC2). An adversary may delete flow logs in an attempt to evade defenses. |