AuthorizeDBSecurityGroupIngress
Event
Adds inbound rules to an RDS DB security group, allowing specified IP ranges or EC2 security groups to access the database.
Security Context
- Modifying network security controls can open unauthorized access paths while removing evidence of the original restrictive configuration.
Log Source
CloudTrail
Sample Event
MITRE ATT&CK Mapping
Tactics: Defense Evasion
Techniques:
- T1562.007 — Disable or Modify Cloud Firewall — Adversaries may disable or modify a firewall within a cloud environment to bypass controls that limit access to cloud resources. Cloud firewalls are separate from system firewalls that are described in Disable or Modify System Firewall.