Rules Contributing to Suspicious Modification of AWS Route Table Alert
The following rules identify suspicious activity related to modification of an AWS Route Table. Any one or more of them will trigger the Suspicious Modification of AWS Route Table alert. Details for each rule are listed with its description.
Title | Description | Rule ID | Query | Log Source | Rule Source | Tactics, Techniques, and Procedures | References | Additional Information |
---|---|---|---|---|---|---|---|---|
AWS Route Table Created | Identifies when an AWS Route Table has been created. | | `{'selection1': {'eventSource': 'cloudtrail.amazonaws.com'}, 'selection2': {'eventName': ['CreateRoute', 'CreateRouteTable']}, 'condition': 'selection1 and selection2'}` | Stellar Cyber AWS configured. | Developed internally by Stellar Cyber | | N/A | |
AWS Route Table Modified or Deleted | Identifies when an AWS Route Table has been modified or deleted. | | `{'selection1': {'eventSource': 'cloudtrail.amazonaws.com'}, 'selection2': {'eventName': ['ReplaceRoute', 'ReplaceRouteTableAssociation', 'DeleteRouteTable', 'DeleteRoute', 'DisassociateRouteTable']}, 'condition': 'selection1 and selection2'}` | Stellar Cyber AWS configured. | Developed internally by Stellar Cyber | | N/A | |
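
The following added example (not Stellar Cyber's code) evaluates the two queries above against constructed CloudTrail-style events, to show how the `selection1 and selection2` condition decides which rule contributes to the alert. The function names and the sample events are assumptions made for illustration; the evaluator also accepts `or` in a condition, which the rules on this page do not use.

```python
# Queries copied verbatim from the two rules on this page.
RULES = {
    "AWS Route Table Created": {
        "selection1": {"eventSource": "cloudtrail.amazonaws.com"},
        "selection2": {"eventName": ["CreateRoute", "CreateRouteTable"]},
        "condition": "selection1 and selection2",
    },
    "AWS Route Table Modified or Deleted": {
        "selection1": {"eventSource": "cloudtrail.amazonaws.com"},
        "selection2": {"eventName": ["ReplaceRoute", "ReplaceRouteTableAssociation",
                                     "DeleteRouteTable", "DeleteRoute",
                                     "DisassociateRouteTable"]},
        "condition": "selection1 and selection2",
    },
}

def selection_matches(selection, event):
    """Every field must match; a list value means any one of its entries."""
    for field, wanted in selection.items():
        allowed = wanted if isinstance(wanted, list) else [wanted]
        if event.get(field) not in allowed:
            return False
    return True

def rule_matches(rule, event):
    """Evaluate the condition string ('and' binds tighter than 'or')."""
    hits = {n: selection_matches(s, event) for n, s in rule.items() if n != "condition"}
    return any(all(hits[t.strip()] for t in clause.split(" and "))
               for clause in rule["condition"].split(" or "))

def contributing_rules(event):
    """Names of the rules this event satisfies; a non-empty result raises the alert."""
    return [name for name, rule in RULES.items() if rule_matches(rule, event)]

# Constructed sample events (not real CloudTrail output), reduced to the two fields used.
SAMPLE_EVENTS = [
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "CreateRoute"},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "DisassociateRouteTable"},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "DescribeRouteTables"},
    # Different eventSource: selection1 fails, so neither rule matches.
    {"eventSource": "ec2.amazonaws.com", "eventName": "DeleteRoute"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        rules = contributing_rules(ev)
        print(ev["eventName"], ev["eventSource"], "->", rules or "no alert")
```

Both selections require an exact match, so when testing these rules confirm the `eventSource` and `eventName` values carried by the ingested records.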