Rules Contributing to Suspicious AWS ELB Activity Alert
The following rules are used to identify suspicious activity with AWS ELB. Any one or more of these will trigger the Suspicious AWS ELB Activity Alert. Details for each rule can be viewed by clicking the More Details link in the description.
Title |
Description |
||||||||
---|---|---|---|---|---|---|---|---|---|
AWS ELB Security Group Modified |
Identifies the modification of an ELB security group. More details
Rule IDQuery{'selection1': {'eventSource': 'elasticloadbalancing.amazonaws.com'}, 'selection2': {'eventName': 'ApplySecurityGroupsToLoadBalancer'}, 'condition': 'selection1 and selection2'} Log SourceStellar Cyber AWS configured. Rule SourceDeveloped internally by Stellar Cyber Tactics, Techniques, and ProceduresReferences
N/A
Severity50 Suppression Logic Based On
Additional Information
|