AWS Network Access Control List Created With All Open Ports

Description

The search looks for CloudTrail events to detect if any network ACLs were created with all the ports open to a specified CIDR.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Advanced Threat Detection

Category

Cloud Security, SaaS

Alert Volume

The search looks for CloudTrail events to detect if any network ACLs were created with all the ports open to a specified CIDR.

SPL Difficulty

None

Journey

Stage 3

Kill Chain Phases

Actions On Objectives

Data Sources

AWS
Audit Trail

   Help

AWS Network Access Control List Created With All Open Ports Help

You must install the AWS App for Splunk (version 5.1.0 or later) and Splunk Add-on for AWS, version 4.4.0 or later, and configure your CloudTrail inputs.

   Search

Open in Search