Type
Threat Detection
D3FEND Tactic
Process Analysis (D3-PA)
User Behavior Analysis (D3-UBA)
TL;DR
Collects and analyzes cloud logs to detect security incidents.
Description
The practice of collecting, analyzing, and alerting on log data from cloud environments (control-plane audit logs of API calls, identity and access events, and resource-level logs) to detect and respond to security incidents.
Techniques
Policy simulation
Create new cloud user
Create or modify cloud key
Attach administrative role to account
Abuse naming patterns to guess resource IDs or fingerprint resources
Add attacker-controlled IdP via ADFS access
Erase logs
Linux fileless malware
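As an added example (not part of the original page or any vendor's detection content), the script below runs simple detection rules over cloud audit-log records for several of the techniques listed above: policy simulation, creating a cloud user, creating or modifying a cloud key, attaching an administrative policy, and erasing or stopping logs. It assumes AWS CloudTrail field names (eventName, userIdentity.arn, requestParameters, errorCode, eventTime); the records themselves are constructed for the example and are not real log data. Beyond per-event matching, it correlates successful findings by actor and target into an escalation chain, which is the signal a responder actually wants.

```python
"""Detection rules over constructed CloudTrail-style records (added example).

Field names follow AWS CloudTrail; the sample records are constructed, not real.
"""
from datetime import datetime, timedelta

# Constructed sample records: "alice" builds a new admin identity and then
# stops the trail; "bob" is denied a policy simulation; one benign call.
ALICE = "arn:aws:iam::123456789012:user/alice"
BOB = "arn:aws:iam::123456789012:user/bob"
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventName": "CreateUser",
     "userIdentity": {"arn": ALICE}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"userName": "svc-backup"}},
    {"eventTime": "2024-05-01T10:01:30Z", "eventName": "CreateAccessKey",
     "userIdentity": {"arn": ALICE}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"userName": "svc-backup"}},
    {"eventTime": "2024-05-01T10:02:10Z", "eventName": "AttachUserPolicy",
     "userIdentity": {"arn": ALICE}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"userName": "svc-backup",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventName": "StopLogging",
     "userIdentity": {"arn": ALICE}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2024-05-01T11:00:00Z", "eventName": "SimulatePrincipalPolicy",
     "userIdentity": {"arn": BOB}, "sourceIPAddress": "203.0.113.9",
     "errorCode": "AccessDenied", "requestParameters": {"policySourceArn": BOB}},
    {"eventTime": "2024-05-01T11:30:00Z", "eventName": "ListBuckets",
     "userIdentity": {"arn": BOB}, "sourceIPAddress": "203.0.113.9"},
]

ADMIN_POLICY_SUFFIX = "policy/AdministratorAccess"
KEY_EVENTS = {"CreateAccessKey", "UpdateAccessKey"}
ATTACH_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
LOG_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
SIMULATE_EVENTS = {"SimulatePrincipalPolicy", "SimulateCustomPolicy"}


def classify(event):
    """Map one record to (technique, target), or None when no rule matches."""
    name = event.get("eventName", "")
    p = event.get("requestParameters") or {}
    if name == "CreateUser":
        return "create_cloud_user", p.get("userName")
    if name in KEY_EVENTS:
        return "create_or_modify_cloud_key", p.get("userName")
    if name in ATTACH_EVENTS and p.get("policyArn", "").endswith(ADMIN_POLICY_SUFFIX):
        return "attach_admin_policy", p.get("userName") or p.get("roleName") or p.get("groupName")
    if name in LOG_TAMPER_EVENTS:
        return "log_tampering", p.get("name")
    if name in SIMULATE_EVENTS:
        return "policy_simulation", p.get("policySourceArn")
    return None


def detect(events):
    """Run the rules over a list of records. Denied calls are kept as findings
    with succeeded=False: a rejected AttachUserPolicy is still a signal."""
    findings = []
    for e in events:
        hit = classify(e)
        if hit is None:
            continue
        technique, target = hit
        findings.append({
            "time": e["eventTime"], "technique": technique, "target": target,
            "actor": e.get("userIdentity", {}).get("arn", "unknown"),
            "source_ip": e.get("sourceIPAddress"),
            "succeeded": "errorCode" not in e,
        })
    return findings


ESCALATION_STEPS = {"create_cloud_user", "create_or_modify_cloud_key", "attach_admin_policy"}


def escalation_chains(findings, window=timedelta(hours=1)):
    """Correlate successful findings: one actor creating a user, minting a key
    for it and attaching the admin policy to it inside `window` is far more
    suspicious than any single step alone."""
    by_pair = {}
    for f in findings:
        if f["succeeded"] and f["technique"] in ESCALATION_STEPS:
            by_pair.setdefault((f["actor"], f["target"]), []).append(f)
    chains = []
    for (who, target), hits in by_pair.items():
        times = sorted(datetime.fromisoformat(h["time"].replace("Z", "+00:00")) for h in hits)
        if {h["technique"] for h in hits} >= ESCALATION_STEPS and times[-1] - times[0] <= window:
            chains.append({"actor": who, "target": target, "start": min(h["time"] for h in hits)})
    return chains
```

On the sample records, detect() yields five findings (four successful ones for alice, one denied policy simulation for bob, nothing for the benign ListBuckets) and escalation_chains() reports one chain: alice building the svc-backup identity within three minutes. In practice the same rules should also watch for the StopLogging finding that follows, since an attacker erasing logs right after escalation is exactly the sequence this data source exists to catch.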