AWS ArchiveFindings
Archives GuardDuty findings to suppress active security alerts from SOC visibility.
T1562.001: Disable or Modify Tools
T1562.001: Disable or Modify Tools
Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properl...
View on MITRE ATT&CK →AWS CreateIPSet
Creates a GuardDuty IP set — a list of trusted or known malicious IP addresses used in threat intelligence.
AWS DeleteMembers
Removes member accounts from a GuardDuty administrator account, ending the delegated monitoring relationship.
AWS DisassociateFromMasterAccount
Disassociates the current account from its GuardDuty administrator account, ending the delegated monitoring relationship.
AWS DisassociateMembers
Disassociates specified member accounts from a GuardDuty administrator account.
GCP google.cloud.securitycenter.v1.SecurityCenter.SetMute
Mutes Security Command Center findings, suppressing security alerts from visibility.
Azure Microsoft.HybridCompute/machines/extensions/delete
Removes an extension from an Azure Arc-enabled server.
Azure Microsoft.Insights/activityLogAlerts/delete
Deletes an activity log alert rule, disabling security detection and notification capabilities.
Azure Microsoft.Security/autoProvisioningSettings/write
Modifies auto-provisioning settings, potentially disabling automatic deployment of security monitoring agents.
AWS UpdateFindingsFeedback
Updates the feedback status on GuardDuty findings, marking them as useful or not useful.
AWS UpdateIPSet
Modifies the IP addresses or CIDR ranges in a GuardDuty IP set used for threat intelligence.