LoFP
/
cloud instance
Title
Tags
it is possible that legitimate user/admin may modify a number of security groups
T1578.005
cloud instance
splunk
many service accounts configured within a cloud infrastructure are known to exhibit this behavior. please adjust the threshold values and filter out service accounts from the output. always verify if this search alerted on a human user.
t1078
t1078.004
cloud instance
splunk
many service accounts configured within an aws infrastructure are known to exhibit this behavior. please adjust the threshold values and filter out service accounts from the output. always verify if this search alerted on a human user.
t1078
t1078.004
aws instance
cloud instance
splunk
LoFP
/
cloud instance