Modification or Deletion of an AWS RDS Cluster

Rule Info

Name
Modification or Deletion of an AWS RDS Cluster
Author
Ivan Saakov
Description
Detects modifications to an RDS cluster or its deletion, which may indicate potential data exfiltration attempts, unauthorized access, or exposure of sensitive information.
Reference
https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBCluster.html
Date
2024-12-06 00:00:00
Modified
None
Id
457cc9ac-d8e6-4d1d-8c0e-251d0f11a74c
Tags
attack.exfiltration attack.t1020
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=457cc9ac-d8e6-4d1d-8c0e-251d0f11a74c

Rule History

Author
Title
Date
Commit
Ivan S
Merge PR #5017 from @saakovv - Add `Modification or Deletion of an AWS RDS Cluster`
2024-12-07
58017b6b3
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022