RDS Database Security Group Modification

Rule Info

Name
RDS Database Security Group Modification
Author
jamesc-grafana
Description
Detects changes to the security group entries for RDS databases. This can indicate that a misconfiguration has occurred which potentially exposes the database to the public internet, a wider audience within the VPC or that removal of valid rules has occurred which could impact the availability of the database to legitimate services and users.
Reference
https://www.gorillastack.com/blog/real-time-events/important-aws-cloudtrail-security-events-tracking/
Date
2024-07-11 00:00:00
Modified
None
Id
14f3f1c8-02d5-43a2-a191-91ffb52d3015
Tags
attack.initial-access attack.t1190 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=14f3f1c8-02d5-43a2-a191-91ffb52d3015

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
James C
Merge PR #4900 from @jamesc-grafana - Add new AWS cloudtrail rules
2024-07-11
f95d5397b
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022