AuthorizeSecurityGroupIngress

CSP: AWS

Tactics:

Defense Evasion Initial Access

Techniques:

T1562.007

Tags:

AWS EC2

Event

Adds inbound rules to a VPC security group, permitting traffic from specified IP ranges or security groups to reach instances.

Security Context

• Modifying network security controls can open unauthorized access paths while removing evidence of the original restrictive configuration.

Log Source

CloudTrail

Sample Event

MITRE ATT&CK Mapping

Tactics: Defense Evasion Initial Access

Techniques:

• T1562.007 — Disable or Modify Cloud Firewall — Adversaries may disable or modify a firewall within a cloud environment to bypass controls that limit access to cloud resources. Cloud firewalls are separate from system firewalls that are described in Disable or Modify System Firewall.