DeleteNetworkAclEntry

CSP: AWS
Techniques:

Event

Removes a rule from a Network ACL, modifying traffic filtering for the associated VPC subnet.

Security Context

  • Modifying network security controls can open unauthorized access paths while removing evidence of the original restrictive configuration.
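A DeleteNetworkAclEntry record names only the ACL, rule number and direction, so the definition of the removed rule has to be recovered from earlier CreateNetworkAclEntry or ReplaceNetworkAclEntry records. The following is an added example, not part of the original page: it replays CloudTrail records in time order and reports each successful deletion together with the rule it removed. The records, ACL ID, ARN and the function names are constructed for illustration, and the requestParameters field names are assumed to match your own trail's records.

```python
# Added example: constructed CloudTrail records, trimmed to the fields used below.
ACL, USER = "acl-0example0000001", "arn:aws:iam::111122223333:user/example-user"

def _ev(time, name, params, error=None):
    ev = {"eventTime": time, "eventSource": "ec2.amazonaws.com", "eventName": name,
          "requestParameters": params, "sourceIPAddress": "203.0.113.10",
          "userIdentity": {"arn": USER}}
    if error:
        ev["errorCode"] = error
    return ev

SAMPLE_EVENTS = [  # deliberately out of order; the detector sorts by eventTime
    _ev("2024-01-12T09:05:00Z", "DeleteNetworkAclEntry",
        {"networkAclId": ACL, "ruleNumber": 90, "egress": False}),
    _ev("2024-01-10T08:00:00Z", "CreateNetworkAclEntry",
        {"networkAclId": ACL, "ruleNumber": 90, "egress": False, "ruleAction": "deny",
         "aclProtocol": "6", "cidrBlock": "0.0.0.0/0", "portRange": {"from": 22, "to": 22}}),
    _ev("2024-01-12T09:00:00Z", "DeleteNetworkAclEntry",
        {"networkAclId": ACL, "ruleNumber": 90, "egress": False},
        error="Client.UnauthorizedOperation"),
    _ev("2024-01-12T09:30:00Z", "DeleteNetworkAclEntry",
        {"networkAclId": ACL, "ruleNumber": 200, "egress": True}),
]

ACL_WRITES = {"CreateNetworkAclEntry", "ReplaceNetworkAclEntry"}

def rule_key(params):
    # A rule is identified by ACL, rule number and direction.
    return (params["networkAclId"], params["ruleNumber"], bool(params.get("egress")))

def find_deleted_rules(events):
    """One finding per successful deletion; removedRule is None if the trail never saw it."""
    known, findings = {}, []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventSource") != "ec2.amazonaws.com" or ev.get("errorCode"):
            continue  # other services, or failed calls that changed nothing
        name, params = ev["eventName"], ev.get("requestParameters") or {}
        if name in ACL_WRITES:
            known[rule_key(params)] = params
        elif name == "DeleteNetworkAclEntry":
            prior = known.pop(rule_key(params), None)
            findings.append({
                "time": ev["eventTime"], "actor": ev.get("userIdentity", {}).get("arn"),
                "sourceIp": ev.get("sourceIPAddress"), "acl": params["networkAclId"],
                "ruleNumber": params["ruleNumber"],
                "direction": "egress" if params.get("egress") else "ingress",
                "removedRule": prior,
                "removedDeny": bool(prior) and prior.get("ruleAction") == "deny"})
    return findings
```

A finding with `removedRule` set to None means the rule predates the records supplied, so the original configuration has to come from another source such as a configuration snapshot.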

Log Source

CloudTrail

Sample Event

MITRE ATT&CK Mapping

Tactics: Defense Evasion

Techniques:
  • T1562.007 — Disable or Modify Cloud Firewall — Adversaries may disable or modify a firewall within a cloud environment to bypass controls that limit access to cloud resources. Cloud firewalls are separate from system firewalls that are described in Disable or Modify System Firewall.