Techniques
Sample rules
Modification or Deletion of an AWS RDS Cluster
- source: sigma
- technicques:
- t1020
Description
Detects modifications to an RDS cluster or its deletion, which may indicate potential data exfiltration attempts, unauthorized access, or exposure of sensitive information.
Detection logic
condition: selection
selection:
eventName:
- ModifyDBCluster
- DeleteDBCluster
eventSource: rds.amazonaws.com