Delete Elasticache Instance¶
An adversary may attempt to delete Elasticache Instance
|clusterid||str||Cluster ID which will be deleted||cluster_ID|
aws elasticache delete-cache-cluster --cache-cluster-id cluster_ID
When logs are ingested into ELK, the following Lucene query can be used to identify relevant events.
--- title: Delete Elasticache Instance id: testing status: experimental author: Anela Tiro date: 2023-07-01 description: An adversary may attempt to delete Elasticache Instance logsource: service: cloudtrail detection: selection_source: - eventSource: "" events: - eventName: "DeleteCacheCluster" condition: selection_source AND events level: low tags: - attack.T1529