New Container Uploaded To AWS Ecr

Description

This searches show information on uploaded containers including source user, image id, source IP user type, http user agent, region, first time, last time of operation (PutImage). These searches are based on Cloud Infrastructure Data Model.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Cloud Security

Alert Volume

This searches show information on uploaded containers including source user, image id, source IP user type, http user agent, region, first time, last time of operation (PutImage). These searches are based on Cloud Infrastructure Data Model.

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Persistence

MITRE ATT&CK Techniques

Implant Container Image

Implant Container Image

Data Sources

AWS
Audit Trail

   Help

New Container Uploaded To AWS Ecr Help

You must install the AWS App for Splunk (version 5.1.0 or later) and Splunk Add-on for AWS (version 4.4.0 or later), then configure your CloudTrail inputs. You must also install Cloud Infrastructure data model. Please also customize the container_implant_aws_detection_filter macro to filter out the false positives.

   Search

Open in Search