Rule Info
Name
RDS Database Security Group Modification
Author
jamesc-grafana
Description
Detects changes to the security group entries for RDS databases.
This can indicate that a misconfiguration has occurred which potentially exposes the database to the public internet, a wider audience within the VPC or that removal of valid rules has occurred which could impact the availability of the database to legitimate services and users.
Date
2024-07-11 00:00:00
Modified
None
Id
14f3f1c8-02d5-43a2-a191-91ffb52d3015
Tags
attack.initial-access attack.t1190
Type
Community Rule
Link to Public Repo