| Platform | Author | Last Update |
|---|---|---|
| aws | Nick Jones | 2024-12-02 |
An adversary may attempt to enumerate which VPCs have flow logs configured, to identify what actions will be logged and where they will be logged to.
MITRE IDs
Required Permissions
Required Parameters
None
Attacker Action
Detection Case
ELK query
When logs are ingested into ELK, the following Lucene query can be used to identify relevant events.
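As an added example (not part of the original test case), the same detection idea expressed in Python over CloudTrail records. It assumes the enumeration appears as `DescribeFlowLogs` events from `ec2.amazonaws.com`; the allowlist, the multi-region severity heuristic and all sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed CloudTrail records (not real log data); account ID, ARNs and IPs are made up.
ACCT = "arn:aws:iam::111122223333"
def _ev(name, region, who, ip):
    return {"eventSource": "ec2.amazonaws.com", "eventName": name, "awsRegion": region,
            "sourceIPAddress": ip, "userIdentity": {"arn": f"{ACCT}:{who}"}}

SAMPLE_EVENTS = [
    _ev("DescribeFlowLogs", "eu-west-1", "user/example-dev", "198.51.100.7"),
    _ev("DescribeFlowLogs", "us-east-1", "user/example-dev", "198.51.100.7"),
    _ev("DescribeFlowLogs", "eu-west-1", "role/example-audit", "203.0.113.10"),
    _ev("DescribeVpcs", "eu-west-1", "user/example-dev", "198.51.100.7"),
    _ev("DescribeFlowLogs", "eu-west-1", "user/example-ci", "203.0.113.25"),
]

# Hypothetical allowlist of principals expected to read flow log configuration.
EXPECTED_PRINCIPALS = {f"{ACCT}:role/example-audit"}

def find_flow_log_enumeration(events, expected=EXPECTED_PRINCIPALS, region_threshold=2):
    """Summarise DescribeFlowLogs calls per principal, skipping expected principals."""
    seen = defaultdict(lambda: {"calls": 0, "regions": set(), "ips": set()})
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("ec2.amazonaws.com", "DescribeFlowLogs"):
            continue
        arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
        if arn in expected:
            continue
        entry = seen[arn]
        entry["calls"] += 1
        entry["regions"].add(ev.get("awsRegion", "unknown"))
        entry["ips"].add(ev.get("sourceIPAddress", "unknown"))
    findings = []
    for arn, e in sorted(seen.items()):
        findings.append({
            "principal": arn,
            "calls": e["calls"],
            "regions": sorted(e["regions"]),
            "source_ips": sorted(e["ips"]),
            # Assumption: the same principal querying several regions is treated as a sweep.
            "severity": "high" if len(e["regions"]) >= region_threshold else "low",
        })
    return findings

if __name__ == "__main__":
    for finding in find_flow_log_enumeration(SAMPLE_EVENTS):
        print(finding)
```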
Sigma Definition