Techniques
Sample rules
AWS SQS Queue Purge
- source: elastic
- techniques:
  - T1562
Description
Identifies when an AWS Simple Queue Service (SQS) queue is purged. Purging an SQS queue permanently deletes all messages currently in the queue. Adversaries may use this action to disrupt application workflows, destroy operational data, or impair monitoring and alerting by removing messages that contain evidence of malicious activity.
Detection logic
event.dataset: "aws.cloudtrail"
and event.provider: "sqs.amazonaws.com"
and event.action: "PurgeQueue"
and event.outcome: "success"
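
An added example, not part of the Elastic rule: the four conditions above applied to constructed raw CloudTrail records, showing that a denied PurgeQueue attempt does not match because of the event.outcome condition. The mapping from raw CloudTrail fields (eventSource, eventName, errorCode) to the queried fields is an assumption, as are the helper names and all sample values.

```python
# Added example: the rule's conditions applied to raw CloudTrail records.
RULE = {
    "event.dataset": "aws.cloudtrail",
    "event.provider": "sqs.amazonaws.com",
    "event.action": "PurgeQueue",
    "event.outcome": "success",
}

def to_ecs(record):
    """Map a raw CloudTrail record to the fields the rule queries (assumed mapping)."""
    return {
        "event.dataset": "aws.cloudtrail",
        "event.provider": record.get("eventSource"),
        "event.action": record.get("eventName"),
        # Assumption: a record that carries errorCode is a failed call.
        "event.outcome": "failure" if record.get("errorCode") else "success",
    }

def matches(record):
    """True when every condition of the rule holds for this record."""
    ecs = to_ecs(record)
    return all(ecs.get(field) == value for field, value in RULE.items())

def purge_alerts(records):
    """Return (time, caller ARN, queue URL) for each matching record, for triage."""
    alerts = []
    for r in records:
        if matches(r):
            caller = (r.get("userIdentity") or {}).get("arn")
            queue = (r.get("requestParameters") or {}).get("queueUrl")
            alerts.append((r.get("eventTime"), caller, queue))
    return alerts

# Constructed sample records (not real logs).
_ARN = "arn:aws:iam::111122223333:user/example-user"
_QUEUE = "https://sqs.us-east-1.amazonaws.com/111122223333/orders-example"
SAMPLE = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "sqs.amazonaws.com",
     "eventName": "PurgeQueue", "userIdentity": {"arn": _ARN},
     "requestParameters": {"queueUrl": _QUEUE}},
    {"eventTime": "2024-01-01T10:01:00Z", "eventSource": "sqs.amazonaws.com",
     "eventName": "PurgeQueue", "errorCode": "AccessDenied",
     "userIdentity": {"arn": _ARN}, "requestParameters": {"queueUrl": _QUEUE}},
    {"eventTime": "2024-01-01T10:02:00Z", "eventSource": "sqs.amazonaws.com",
     "eventName": "DeleteQueue", "userIdentity": {"arn": _ARN},
     "requestParameters": {"queueUrl": _QUEUE}},
]

if __name__ == "__main__":
    for alert in purge_alerts(SAMPLE):
        print(alert)
```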