T1040,AmazonVirtualPrivatecloud,elb-tls-https-listeners-only
T1040,AWSCloudWatch,elb-tls-https-listeners-only
T1040,AWSConfig,acm-certificate-expiration-check
T1040,AWSConfig,alb-http-to-https-redirection-check
T1040,AWSConfig,api-gw-ssl-enabled
T1530,AWSConfig,s3-account-level-public-access-blocks-periodic
T1552.001,AWSConfig,s3-account-level-public-access-blocks-periodic
T1040,AWSConfig,elasticsearch-in-vpc-only
T1040,AWSConfig,elasticsearch-node-to-node-encryption-check
T1040,AWSConfig,elb-acm-certificate-required
T1040,AWSConfig,elb-predefined-security-policy-ssl-check
T1040,AWSConfig,elb-tls-https-listeners-only
T1040,AWSConfig,redshift-enhanced-vpc-routing-enabled
T1040,AWSConfig,redshift-require-tls-ssl
T1040,AWSConfig,s3-bucket-ssl-requests-only
T1040,AWSIOTDeviceDefender,CA_CERTIFICATE_EXPIRING_CHECK
T1040,AWSIOTDeviceDefender,CA_CERTIFICATE_KEY_QUALITY_CHECK
T1040,AWSIOTDeviceDefender,DEVICE_CERTIFICATE_EXPIRING_CHECK
T1040,AWSIOTDeviceDefender,DEVICE_CERTIFICATE_KEY_QUALITY_CHECK
T1040,AWSIOTDeviceDefender,DEVICE_CERTIFICATE_SHARED_CHECK
T1040,AWSIOTDeviceDefender,REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK
T1040,AWSIOTDeviceDefender,REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK
T1040,AWSRDS,elb-tls-https-listeners-only
T1046,AmazonGuardDuty,Impact:EC2/PortSweep
T1046,AmazonGuardDuty,Recon:EC2/PortProbeEMRUnprotectedPort
T1528,AWSIAM,Impact:IAMUser/AnomalousBehavior
T1046,AmazonGuardDuty,Recon:EC2/PortProbeUnprotectedPort
T1046,AmazonGuardDuty,Recon:EC2/Portscan
T1046,AmazonInspector,Recon:EC2/Portscan
T1046,AmazonVirtualPrivatecloud,Recon:EC2/Portscan
T1046,AWSIOTDeviceDefender,aws:all-bytes-in
T1046,AWSIOTDeviceDefender,aws:all-bytes-out
T1046,AWSIOTDeviceDefender,aws:all-packets-in
T1046,AWSIOTDeviceDefender,aws:all-packets-out
T1046,AWSIOTDeviceDefender,aws:destination-ip-addresses
T1046,AWSIOTDeviceDefender,aws:listening-tcp-ports
T1046,AWSIOTDeviceDefender,aws:listening-udp-ports
T1046,AWSIOTDeviceDefender,aws:num-established-tcp-connections
T1046,AWSIOTDeviceDefender,aws:num-listening-tcp-ports
T1046,AWSIOTDeviceDefender,aws:num-listening-udp-ports
T1046,AWSNetworkFirewall,Recon:EC2/Portscan
T1046,AWSWebApplicationFirewall,Recon:EC2/Portscan
T1046,AWSWebApplicationFirewall,Recon:EC2/PortProbeUnprotectedPort
T1078.001,AmazonGuardDuty,CredentialAccess:IAMUser/AnomalousBehavior
T1078.001,AmazonGuardDuty,DefenseEvasion:IAMUser/AnomalousBehavior
T1078.001,AmazonGuardDuty,Discovery:IAMUser/AnomalousBehavior
T1078.001,AmazonGuardDuty,Exfiltration:IAMUser/AnomalousBehavior
T1078.001,AmazonGuardDuty,Impact:IAMUser/AnomalousBehavior
T1078.001,AmazonGuardDuty,PenTest:IAMUser/KaliLinux
T1078.001,AmazonGuardDuty,PenTest:IAMUser/ParrotLinux
T1078.001,AmazonGuardDuty,PenTest:IAMUser/PentooLinux
T1078.001,AmazonGuardDuty,Persistence:IAMUser/AnomalousBehavior
T1078.001,AmazonGuardDuty,Policy:IAMUser/RootCredentialUsage
T1078.001,AmazonGuardDuty,Policy:S3/AccountBlockPublicAccessDisabled
T1078.001,AmazonGuardDuty,Policy:S3/BucketAnonymousAccessGranted
T1078.001,AmazonGuardDuty,Policy:S3/BucketBlockPublicAccessDisabled
T1078.001,AmazonGuardDuty,Policy:S3/BucketPublicAccessGranted
T1078.001,AmazonGuardDuty,Recon:IAMUser/MaliciousIPCaller
T1078.001,AmazonGuardDuty,Recon:IAMUser/MaliciousIPCaller.Custom
T1078.001,AmazonGuardDuty,UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B
T1078.001,AmazonGuardDuty,UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration
T1078.001,AmazonGuardDuty,UnauthorizedAccess:IAMUser/MaliciousIPCaller
T1078.001,AmazonGuardDuty,UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom
T1078.001,AmazonGuardDuty,UnauthorizedAccess:IAMUser/TorIPCaller
T1078.004,AmazonCognito,CredentialAccess:IAMUser/AnomalousBehavior
T1078.004,AmazonGuardDuty,CredentialAccess:IAMUser/AnomalousBehavior
T1078.004,AmazonGuardDuty,DefenseEvasion:IAMUser/AnomalousBehavior
T1078.004,AmazonGuardDuty,Discovery:IAMUser/AnomalousBehavior
T1078.004,AmazonGuardDuty,Exfiltration:IAMUser/AnomalousBehavior
T1078.004,AmazonGuardDuty,Impact:IAMUser/AnomalousBehavior
T1078.004,AmazonGuardDuty,PenTest:IAMUser/KaliLinux
T1078.004,AmazonGuardDuty,PenTest:IAMUser/ParrotLinux
T1078.004,AmazonGuardDuty,PenTest:IAMUser/PentooLinux
T1078.004,AmazonGuardDuty,Persistence:IAMUser/AnomalousBehavior
T1078.004,AmazonGuardDuty,Policy:IAMUser/RootCredentialUsage
T1078.004,AmazonGuardDuty,Policy:S3/AccountBlockPublicAccessDisabled
T1078.004,AmazonGuardDuty,Policy:S3/BucketAnonymousAccessGranted
T1078.004,AmazonGuardDuty,Policy:S3/BucketBlockPublicAccessDisabled
T1078.004,AmazonGuardDuty,Policy:S3/BucketPublicAccessGranted
T1078.004,AmazonGuardDuty,Recon:IAMUser/MaliciousIPCaller
T1078.004,AmazonGuardDuty,Recon:IAMUser/MaliciousIPCaller.Custom
T1078.004,AmazonGuardDuty,UnauthorizedAccess:IAMUser/ConsoleLogin
T1078.004,AmazonGuardDuty,UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B
T1078.004,AmazonGuardDuty,UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration
T1078.004,AmazonGuardDuty,UnauthorizedAccess:IAMUser/MaliciousIPCaller
T1078.004,AmazonGuardDuty,UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom
T1078.004,AmazonGuardDuty,UnauthorizedAccess:IAMUser/TorIPCaller
T1078.004,AWSConfig,access-keys-rotated
T1078.004,AWSConfig,ec2-instance-profile-attached
T1078.004,AWSConfig,iam-password-policy
T1078.004,AWSConfig,iam-policy-no-statements-with-admin-access
T1078.004,AWSConfig,iam-policy-no-statements-with-full-access
T1078.004,AWSConfig,iam-root-access-key-check
T1078.004,AWSConfig,iam-user-group-membership-check
T1078.004,AWSConfig,iam-user-mfa-enabled
T1078.004,AWSConfig,iam-user-unused-credentials-check
T1078.004,AWSConfig,mfa-enabled-for-iam-console-access
T1078.004,AWSConfig,root-account-hardware-mfa-enabled
T1078.004,AWSConfig,root-account-mfa-enabled
T1078.004,AWSIAM,Discovery:IAMUser/AnomalousBehavior
T1078.004,AWSIOTDeviceDefender,AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK
T1078.004,AWSIOTDeviceDefender,aws:num-authorization-failures
T1078.004,AWSIOTDeviceDefender,aws:num-connection-attempts
T1078.004,AWSIOTDeviceDefender,aws:num-disconnects
T1078.004,AWSIOTDeviceDefender,aws:source-ip-address
T1078.004,AWSIOTDeviceDefender,CONFLICTING_CLIENT_IDS_CHECK
T1078.004,AWSIOTDeviceDefender,DEVICE_CERTIFICATE_SHARED_CHECK
T1078.004,AWSIOTDeviceDefender,IOT_POLICY_OVERLY_PERMISSIVE_CHECK
T1078.004,AWSIOTDeviceDefender,IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK
T1078.004,AWSIOTDeviceDefender,IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK
T1078.004,AWSIOTDeviceDefender,REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK
T1078.004,AWSIOTDeviceDefender,REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK
T1078.004,AWSIOTDeviceDefender,UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK
T1078.004,AWSOrganizations,Exfiltration:IAMUser/AnomalousBehavior
T1078.004,AWSSecurityHub,"[PCI.CW.1] A log metric filter and alarm should exist for usage of the '"root'" user"
T1078.004,AWSSecurityHub,3.1 Ensure a log metric filter and alarm exist for unauthorized API calls
T1078.004,AWSSecurityHub,3.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
T1078.004,AWSSecurityHub,"3.3 Ensure a log metric filter and alarm exist for usage of '"root'" account "
T1078.004,AWSSecurityHub,3.4 Ensure a log metric filter and alarm exist for IAM policy changes
T1528,AWSSecretsManager,Impact:IAMUser/AnomalousBehavior
T1078.004,AWSSecurityHub,3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
T1078.004,AWSSecurityHub,AWS principals with suspicious access key activity
T1078.004,AWSSecurityHub,AWS resources with unauthorized access attempts
T1078.004,AWSSecurityHub,Credentials that may have leaked
T1078.004,AWSSecurityHub,IAM users with suspicious activity
T1078.004,AWSSSO,Exfiltration:IAMUser/AnomalousBehavior
T1087.004,AWSOrganizations,Discovery:IAMUser/AnomalousBehavior
T1098.001,AmazonGuardDuty,Persistence:IAMUser/AnomalousBehavior
T1098.001,AWSConfig,iam-user-mfa-enabled
T1098.001,AWSConfig,mfa-enabled-for-iam-console-access
T1098.001,AWSConfig,root-account-hardware-mfa-enabled
T1098.001,AWSConfig,root-account-mfa-enabled
T1098.001,AWSIAM,Persistence:IAMUser/AnomalousBehavior
T1098.001,AWSSecurityHub,3.4 Ensure a log metric filter and alarm exist for IAM policy changes 
T1098.004,AmazonGuardDuty,Persistence:IAMUser/AnomalousBehavior
T1110.001,AmazonCognito,iam-password-policy
T1110.001,AmazonGuardDuty,Impact:EC2/WinRMBruteForce
T1110.001,AmazonGuardDuty,Stealth:IAMUser/PasswordPolicyChange
T1110.001,AmazonGuardDuty,UnauthorizedAccess:EC2/RDPBruteForce
T1110.001,AmazonGuardDuty,UnauthorizedAccess:EC2/SSHBruteForce
T1110.001,AmazonInspector,UnauthorizedAccess:EC2/SSHBruteForce
T1110.001,AWSConfig,iam-password-policy
T1110.001,AWSConfig,iam-user-mfa-enabled
T1110.001,AWSConfig,mfa-enabled-for-iam-console-access
T1110.001,AWSConfig,root-account-hardware-mfa-enabled
T1110.001,AWSConfig,root-account-mfa-enabled
T1110.001,AWSIAM,Persistence:IAMUser/AnomalousBehavior
T1110.001,AWSSecurityHub,3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
T1110.001,AWSSSO,Impact:EC2/WinRMBruteForce
T1110.002,AmazonCognito,iam-user-mfa-enabled
T1110.002,AmazonInspector,iam-password-policy
T1110.002,AWSConfig,iam-password-policy
T1110.002,AWSConfig,iam-user-mfa-enabled
T1110.002,AWSConfig,mfa-enabled-for-iam-console-access
T1110.002,AWSConfig,root-account-hardware-mfa-enabled
T1110.002,AWSConfig,root-account-mfa-enabled
T1110.003,AmazonCognito,Impact:EC2/WinRMBruteForce
T1110.003,AmazonGuardDuty,Impact:EC2/WinRMBruteForce
T1110.003,AmazonGuardDuty,Stealth:IAMUser/PasswordPolicyChange
T1110.003,AmazonGuardDuty,UnauthorizedAccess:EC2/RDPBruteForce
T1110.003,AmazonGuardDuty,UnauthorizedAccess:EC2/SSHBruteForce
T1110.003,AmazonInspector,UnauthorizedAccess:EC2/SSHBruteForce
T1110.003,AWSConfig,iam-password-policy
T1110.003,AWSConfig,iam-user-mfa-enabled
T1110.003,AWSConfig,mfa-enabled-for-iam-console-access
T1110.003,AWSConfig,root-account-hardware-mfa-enabled
T1110.003,AWSConfig,root-account-mfa-enabled
T1110.003,AWSIAM,iam-user-mfa-enabled
T1110.003,AWSSecurityHub,3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
T1110.003,AWSSSO,iam-user-mfa-enabled
T1110.004,AmazonCognito,Impact:EC2/WinRMBruteForce
T1110.004,AmazonGuardDuty,Impact:EC2/WinRMBruteForce
T1110.004,AmazonGuardDuty,Stealth:IAMUser/PasswordPolicyChange
T1110.004,AmazonGuardDuty,UnauthorizedAccess:EC2/RDPBruteForce
T1110.004,AmazonGuardDuty,UnauthorizedAccess:EC2/SSHBruteForce
T1110.004,AmazonInspector,UnauthorizedAccess:EC2/SSHBruteForce
T1110.004,AWSConfig,iam-password-policy
T1110.004,AWSConfig,iam-user-mfa-enabled
T1110.004,AWSConfig,mfa-enabled-for-iam-console-access
T1110.004,AWSConfig,root-account-hardware-mfa-enabled
T1110.004,AWSConfig,root-account-mfa-enabled
T1110.004,AWSIAM,iam-user-mfa-enabled
T1110.004,AWSSecurityHub,3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
T1110.004,AWSSSO,iam-user-mfa-enabled
T1119,AWSConfig,ec2-ebs-encryption-by-default
T1119,AWSConfig,encrypted-volumes
T1136.003,AWSConfig,iam-user-mfa-enabled
T1136.003,AWSConfig,mfa-enabled-for-iam-console-access
T1136.003,AWSConfig,root-account-hardware-mfa-enabled
T1136.003,AWSConfig,root-account-mfa-enabled
T1189,AmazonGuardDuty,Trojan:EC2/DriveBySourceTraffic!DNS
T1189,AmazonInspector,Trojan:EC2/DriveBySourceTraffic!DNS
T1189,AWSWebApplicationFirewall,Trojan:EC2/DriveBySourceTraffic!DNS
T1190,AmazonGuardDuty,UnauthorizedAccess:EC2/MetadataDNSRebind
T1190,AmazonInspector,UnauthorizedAccess:EC2/MetadataDNSRebind
T1190,AWSConfig,ec2-instance-no-public-ip
T1190,AWSConfig,elastic-beanstalk-managed-updates-enabled
T1190,AWSConfig,elasticsearch-in-vpc-only
T1190,AWSConfig,lambda-function-public-access-prohibited
T1190,AWSConfig,rds-automatic-minor-version-upgrade-enabled
T1190,AWSRDS,rds-automatic-minor-version-upgrade-enabled
T1190,AWSSecurityHub,EC2 instances that have missing security patches for important vulnerabilities
T1190,AWSWebApplicationFirewall,UnauthorizedAccess:EC2/MetadataDNSRebind
T1201,AmazonGuardDuty,Discovery:IAMUser/AnomalousBehavior
T1485,AmazonGuardDuty,Impact:IAMUser/AnomalousBehavior
T1485,AmazonGuardDuty,Impact:S3/MaliciousIPCaller
T1485,AmazonGuardDuty,PenTest:S3/KaliLinux
T1485,AmazonGuardDuty,PenTest:S3/ParrotLinux
T1485,AmazonGuardDuty,PenTest:S3/PentooLinux
T1485,AmazonGuardDuty,Stealth:S3/ServerAccessLoggingDisabled
T1485,AmazonGuardDuty,UnauthorizedAccess:S3/MaliciousIPCaller.Custom
T1485,AmazonGuardDuty,UnauthorizedAccess:S3/TorIPCaller
T1485,AWSConfig,db-instance-backup-enabled
T1485,AWSConfig,dynamodb-in-backup-plan
T1485,AWSConfig,dynamodb-pitr-enabled
T1485,AWSConfig,ebs-in-backup-plan
T1485,AWSConfig,efs-in-backup-plan
T1485,AWSConfig,elasticache-redis-cluster-automatic-backup-check
T1485,AWSConfig,elb-deletion-protection-enabled
T1485,AWSConfig,rds-in-backup-plan
T1485,AWSConfig,rds-instance-deletion-protection-enabled
T1485,AWSConfig,redshift-backup-enabled
T1485,AWSConfig,redshift-cluster-maintenancesettings-check
T1485,AWSConfig,s3-bucket-default-lock-enabled
T1485,AWSConfig,s3-bucket-public-write-prohibited
T1485,AWSConfig,s3-bucket-replication-enabled
T1485,AWSConfig,s3-bucket-versioning-enabled
T1485,AWSRDS,rds-instance-deletion-protection-enabled
T1485,AWSS3,s3-bucket-versioning-enabled
T1485,AWSSecurityHub,Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
T1486,AmazonGuardDuty,Impact:S3/MaliciousIPCaller
T1486,AmazonGuardDuty,PenTest:S3/KaliLinux
T1486,AmazonGuardDuty,PenTest:S3/ParrotLinux
T1486,AmazonGuardDuty,PenTest:S3/PentooLinux
T1486,AmazonGuardDuty,Stealth:S3/ServerAccessLoggingDisabled
T1486,AmazonGuardDuty,UnauthorizedAccess:S3/MaliciousIPCaller.Custom
T1486,AmazonGuardDuty,UnauthorizedAccess:S3/TorIPCaller
T1486,AWSConfig,db-instance-backup-enabled
T1486,AWSConfig,dynamodb-in-backup-plan
T1486,AWSConfig,dynamodb-pitr-enabled
T1486,AWSConfig,ebs-in-backup-plan
T1486,AWSConfig,efs-in-backup-plan
T1486,AWSConfig,elasticache-redis-cluster-automatic-backup-check
T1486,AWSConfig,rds-in-backup-plan
T1486,AWSConfig,redshift-backup-enabled
T1486,AWSConfig,redshift-cluster-maintenancesettings-check
T1486,AWSConfig,s3-bucket-default-lock-enabled
T1486,AWSConfig,s3-bucket-public-write-prohibited
T1486,AWSConfig,s3-bucket-replication-enabled
T1486,AWSConfig,s3-bucket-versioning-enabled
T1491.002,AmazonGuardDuty,Exfiltration:S3/MaliciousIPCaller
T1491.002,AmazonGuardDuty,Impact:S3/MaliciousIPCaller
T1491.002,AmazonGuardDuty,PenTest:S3/KaliLinux
T1491.002,AmazonGuardDuty,PenTest:S3/ParrotLinux
T1491.002,AmazonGuardDuty,PenTest:S3/PentooLinux
T1491.002,AmazonGuardDuty,UnauthorizedAccess:S3/MaliciousIPCaller.Custom
T1491.002,AmazonGuardDuty,UnauthorizedAccess:S3/TorIPCaller
T1491.002,AWSConfig,db-instance-backup-enabled
T1491.002,AWSConfig,dynamodb-in-backup-plan
T1491.002,AWSConfig,dynamodb-pitr-enabled
T1491.002,AWSConfig,ebs-in-backup-plan
T1491.002,AWSConfig,efs-in-backup-plan
T1491.002,AWSConfig,elasticache-redis-cluster-automatic-backup-check
T1491.002,AWSConfig,rds-in-backup-plan
T1491.002,AWSConfig,redshift-backup-enabled
T1491.002,AWSConfig,redshift-cluster-maintenancesettings-check
T1491.002,AWSConfig,s3-bucket-default-lock-enabled
T1491.002,AWSConfig,s3-bucket-public-write-prohibited
T1491.002,AWSConfig,s3-bucket-replication-enabled
T1491.002,AWSConfig,s3-bucket-versioning-enabled
T1496,AmazonGuardDuty,CryptoCurrency:EC2/BitcoinTool.B
T1530,AWSConfig,rds-instance-public-access-check
T1496,AmazonGuardDuty,CryptoCurrency:EC2/BitcoinTool.B!DNS
T1496,AmazonGuardDuty,Impact:EC2/BitcoinDomainRequest.Reputation
T1496,AmazonGuardDuty,UnauthorizedAccess:EC2/TorRelay
T1496,AWSCloudWatch,CryptoCurrency:EC2/BitcoinTool.B
T1496,AWSConfig,cloudwatch-alarm-action-check
T1496,AWSConfig,dynamodb-throughput-limit-check
T1496,AWSConfig,rds-enhanced-monitoring-enabled
T1496,AWSIOTDeviceDefender,aws:all-bytes-in
T1496,AWSIOTDeviceDefender,aws:all-bytes-out
T1496,AWSIOTDeviceDefender,aws:all-packets-in
T1496,AWSIOTDeviceDefender,aws:all-packets-out
T1496,AWSIOTDeviceDefender,aws:destination-ip-addresses
T1496,AWSIOTDeviceDefender,aws:listening-tcp-ports
T1496,AWSIOTDeviceDefender,aws:listening-udp-ports
T1496,AWSIOTDeviceDefender,aws:num-established-tcp-connections
T1496,AWSIOTDeviceDefender,aws:num-listening-tcp-ports
T1496,AWSIOTDeviceDefender,aws:num-listening-udp-ports
T1498.001,AmazonGuardDuty,Backdoor:EC2/DenialOfService.Dns
T1498.001,AmazonGuardDuty,Backdoor:EC2/DenialOfService.Tcp
T1498.001,AmazonGuardDuty,Backdoor:EC2/DenialOfService.Udp
T1498.001,AmazonGuardDuty,Backdoor:EC2/DenialOfService.UdpOnTcpPorts
T1498.001,AmazonGuardDuty,Backdoor:EC2/DenialOfService.UnusualProtocol
T1498.001,AWSConfig,elb-cross-zone-load-balancing-enabled
T1498.001,AWSNetworkFirewall,Backdoor:EC2/DenialOfService.Dns
T1498.002,AmazonGuardDuty,Backdoor:EC2/DenialOfService.Dns
T1498.002,AmazonGuardDuty,Backdoor:EC2/DenialOfService.Tcp
T1530,AWSConfig,rds-storage-encrypted
T1498.002,AmazonGuardDuty,Backdoor:EC2/DenialOfService.Udp
T1498.002,AmazonGuardDuty,Backdoor:EC2/DenialOfService.UdpOnTcpPorts
T1498.002,AmazonGuardDuty,Backdoor:EC2/DenialOfService.UnusualProtocol
T1498.002,AWSConfig,elb-cross-zone-load-balancing-enabled
T1498.002,AWSNetworkFirewall,Backdoor:EC2/DenialOfService.Dns
T1499.002,AmazonVirtualPrivatecloud,Backdoor:EC2/DenialOfService.Dns
T1499.002,AWSConfig,elb-cross-zone-load-balancing-enabled
T1499.003,AWSConfig,elb-cross-zone-load-balancing-enabled
T1499.003,AWSNetworkFirewall,elb-cross-zone-load-balancing-enabled
T1499.004,AWSConfig,elb-cross-zone-load-balancing-enabled
T1526,AmazonGuardDuty,Recon:IAMUser/MaliciousIPCaller
T1526,AmazonGuardDuty,Recon:IAMUser/MaliciousIPCaller.Custom
T1526,AmazonGuardDuty,Recon:IAMUser/TorIPCaller
T1528,AmazonGuardDuty,Impact:IAMUser/AnomalousBehavior
T1530,AmazonGuardDuty,Exfiltration:S3/MaliciousIPCaller
T1530,AmazonGuardDuty,Impact:S3/MaliciousIPCaller
T1530,AmazonGuardDuty,PenTest:S3/KaliLinux
T1530,AmazonGuardDuty,PenTest:S3/ParrotLinux
T1530,AmazonGuardDuty,PenTest:S3/PentooLinux
T1530,AmazonGuardDuty,UnauthorizedAccess:S3/MaliciousIPCaller.Custom
T1530,AmazonGuardDuty,UnauthorizedAccess:S3/TorIPCaller
T1530,AmazonMacie,Policy:IAMUser/S3BlockPublicAccessDisabled
T1530,AmazonMacie,Policy:IAMUser/S3BucketEncryptionDisabled
T1530,AmazonMacie,Policy:IAMUser/S3BucketPublic
T1530,AmazonMacie,Policy:IAMUser/S3BucketReplicatedExternally
T1530,AmazonMacie,Policy:IAMUser/S3BucketSharedExternally
T1530,AmazonMacie,SensitiveData:S3Object/Credentials
T1530,AmazonMacie,SensitiveData:S3Object/CustomIdentifier
T1530,AmazonMacie,SensitiveData:S3Object/Financial
T1530,AmazonMacie,SensitiveData:S3Object/Multiple
T1530,AmazonMacie,SensitiveData:S3Object/Personal
T1530,AWSConfig,dms-replication-not-public 
T1530,AWSConfig,efs-encrypted-check
T1530,AWSConfig,elasticsearch-encrypted-at-rest
T1530,AWSConfig,emr-master-no-public-ip
T1530,AWSConfig,rds-snapshot-encrypted
T1530,AWSConfig,rds-snapshots-public-prohibited
T1530,AWSConfig,redshift-cluster-configuration-check
T1530,AWSConfig,redshift-cluster-kms-enabled
T1530,AWSConfig,redshift-cluster-public-access-check
T1530,AWSConfig,s3-bucket-level-public-access-prohibited
T1530,AWSConfig,s3-bucket-public-read-prohibited
T1530,AWSConfig,s3-bucket-server-side-encryption-enabled
T1530,AWSConfig,sagemaker-endpoint-configuration-kms-key-configured
T1530,AWSConfig,sagemaker-notebook-instance-kms-key-configured
T1530,AWSConfig,sagemaker-notebook-no-direct-internet-access
T1530,AWSConfig,sns-encrypted-kms
T1530,AWSIOTDeviceDefender,aws:all-bytes-in
T1530,AWSIOTDeviceDefender,aws:all-bytes-out
T1530,AWSIOTDeviceDefender,aws:all-packets-in
T1530,AWSIOTDeviceDefender,aws:all-packets-out
T1530,AWSIOTDeviceDefender,aws:message-byte-size
T1530,AWSIOTDeviceDefender,aws:num-messages-received
T1530,AWSIOTDeviceDefender,aws:num-messages-sent
T1530,AWSIOTDeviceDefender,aws:source-ip-address
T1530,AWSNetworkFirewall,Exfiltration:S3/MaliciousIPCaller
T1530,AWSRDS,rds-storage-encrypted
T1530,AWSSecurityHub,3.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes 
T1530,AWSSecurityHub,S3 buckets with public write or read permissions
T1531,AmazonGuardDuty,Impact:IAMUser/AnomalousBehavior
T1531,AWSSecurityHub,3.4 Ensure a log metric filter and alarm exist for IAM policy changes 
T1535,AWSIAM,multi-region-cloudtrail-enabled
T1552.001,AWSKeyManagementService,encrypted-volumes
T1535,AWSConfig,multi-region-cloudtrail-enabled
T1537,AmazonMacie,Policy:IAMUser/S3BucketReplicatedExternally
T1537,AmazonMacie,Policy:IAMUser/S3BucketSharedExternally
T1538,AWSConfig,mfa-enabled-for-iam-console-access
T1538,AWSOrganizations,mfa-enabled-for-iam-console-access
T1552.001,AmazonGuardDuty,Exfiltration:S3/MaliciousIPCaller
T1552.001,AmazonGuardDuty,Impact:S3/MaliciousIPCaller
T1552.001,AmazonGuardDuty,PenTest:S3/KaliLinux
T1552.001,AmazonGuardDuty,PenTest:S3/ParrotLinux
T1552.001,AmazonGuardDuty,PenTest:S3/PentooLinux
T1552.001,AmazonGuardDuty,UnauthorizedAccess:S3/MaliciousIPCaller.Custom
T1552.001,AmazonGuardDuty,UnauthorizedAccess:S3/TorIPCaller
T1552.001,AmazonMacie,SensitiveData:S3Object/Credentials
T1552.001,AmazonMacie,SensitiveData:S3Object/Multiple
T1552.001,AWSCloudHSM,encrypted-volumes
T1040,AWSConfig,cloudtrail-enabled
T1552.001,AWSConfig,ec2-ebs-encryption-by-default
T1552.001,AWSConfig,encrypted-volumes
T1552.001,AWSConfig,s3-bucket-level-public-access-prohibited
T1552.001,AWSConfig,s3-bucket-public-read-prohibited
T1552.001,AWSConfig,s3-bucket-server-side-encryption-enabled
T1552.005,AmazonGuardDuty,UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration
T1552.005,AWSConfig,ec2-imdsv2-check
T1562.001,AmazonGuardDuty,Exfiltration:S3/MaliciousIPCaller
T1562.001,AmazonGuardDuty,Impact:S3/MaliciousIPCaller
T1562.001,AmazonGuardDuty,PenTest:S3/KaliLinux
T1562.001,AmazonGuardDuty,PenTest:S3/ParrotLinux
T1562.001,AmazonGuardDuty,PenTest:S3/PentooLinux
T1562.001,AmazonGuardDuty,Stealth:IAMUser/CloudTrailLoggingDisabled
T1562.001,AmazonGuardDuty,Stealth:IAMUser/PasswordPolicyChange
T1562.001,AmazonGuardDuty,Stealth:S3/ServerAccessLoggingDisabled
T1562.001,AmazonGuardDuty,UnauthorizedAccess:S3/MaliciousIPCaller.Custom
T1562.001,AmazonGuardDuty,UnauthorizedAccess:S3/TorIPCaller
T1562.001,AWSSecurityHub,3.10 Ensure a log metric filter and alarm exist for security group changes
T1562.001,AWSSecurityHub,3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) 
T1562.001,AWSSecurityHub,3.12 Ensure a log metric filter and alarm exist for changes to network gateways 
T1562.001,AWSSecurityHub,3.13 Ensure a log metric filter and alarm exist for route table changes
T1562.001,AWSSecurityHub,3.14 Ensure a log metric filter and alarm exist for VPC changes
T1562.001,AWSSecurityHub,3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes
T1562.001,AWSSecurityHub,3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes
T1562.007,AWSConfig,api-gw-associated-with-waf
T1562.007,AWSConfig,ec2-security-group-attached-to-eni
T1562.007,AWSConfig,internet-gateway-authorized-vpc-only
T1562.007,AWSConfig,subnet-auto-assign-public-ip-disabled
T1562.007,AWSConfig,vpc-sg-open-only-to-authorized-ports
T1562.007,AWSSecurityHub,3.10 Ensure a log metric filter and alarm exist for security group changes
T1562.007,AWSSecurityHub,3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) 
T1562.007,AWSSecurityHub,3.12 Ensure a log metric filter and alarm exist for changes to network gateways 
T1562.007,AWSSecurityHub,3.13 Ensure a log metric filter and alarm exist for route table changes
T1562.007,AWSSecurityHub,3.14 Ensure a log metric filter and alarm exist for VPC changes
T1562.007,AWSSecurityHub,3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes
T1562.007,AWSSecurityHub,3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes
T1562.008,AmazonGuardDuty,Exfiltration:S3/MaliciousIPCaller
T1562.008,AmazonGuardDuty,Impact:S3/MaliciousIPCaller
T1562.008,AmazonGuardDuty,PenTest:S3/KaliLinux
T1562.008,AmazonGuardDuty,PenTest:S3/ParrotLinux
T1562.008,AmazonGuardDuty,PenTest:S3/PentooLinux
T1562.008,AmazonGuardDuty,Stealth:IAMUser/CloudTrailLoggingDisabled
T1562.008,AmazonGuardDuty,Stealth:IAMUser/PasswordPolicyChange
T1562.008,AmazonGuardDuty,Stealth:S3/ServerAccessLoggingDisabled
T1562.008,AmazonGuardDuty,UnauthorizedAccess:S3/MaliciousIPCaller.Custom
T1562.008,AmazonGuardDuty,UnauthorizedAccess:S3/TorIPCaller
T1562.008,AWSConfig,api-gw-execution-logging-enabled
T1562.008,AWSConfig,cloud-trail-cloud-watch-logs-enabled
T1562.008,AWSConfig,cloudtrail-s3-dataevents-enabled
T1562.008,AWSConfig,cloudtrail-security-trail-enabled
T1562.008,AWSConfig,elasticsearch-logs-to-cloudwatch
T1562.008,AWSConfig,elb-logging-enabled
T1562.008,AWSConfig,rds-logging-enabled
T1562.008,AWSConfig,redshift-cluster-configuration-check
T1562.008,AWSConfig,s3-bucket-logging-enabled 
T1562.008,AWSConfig,vpc-flow-logs-enabled
T1562.008,AWSConfig,wafv2-logging-enabled
T1562.008,AWSIOTDeviceDefender,LOGGING_DISABLED_CHECK
T1562.008,AWSSecurityHub,3.10 Ensure a log metric filter and alarm exist for security group changes
T1562.008,AWSSecurityHub,3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) 
T1562.008,AWSSecurityHub,3.12 Ensure a log metric filter and alarm exist for changes to network gateways 
T1562.008,AWSSecurityHub,3.13 Ensure a log metric filter and alarm exist for route table changes
T1562.008,AWSSecurityHub,3.14 Ensure a log metric filter and alarm exist for VPC changes
T1562.008,AWSSecurityHub,3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes
T1562.008,AWSSecurityHub,3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes
T1566,AmazonGuardDuty,Trojan:EC2/PhishingDomainRequest!DNS
T1580,AmazonGuardDuty,Discovery:IAMUser/AnomalousBehavior
T1580,AmazonGuardDuty,Discovery:S3/MaliciousIPCaller
T1580,AmazonGuardDuty,Discovery:S3/MaliciousIPCaller.Custom
T1580,AmazonGuardDuty,Discovery:S3/TorIPCaller
T1580,AmazonGuardDuty,PenTest:IAMUser/KaliLinux
T1580,AmazonGuardDuty,PenTest:IAMUser/ParrotLinux
T1580,AmazonGuardDuty,PenTest:IAMUser/PentooLinux
T1580,AmazonGuardDuty,PenTest:S3/KaliLinux
T1580,AmazonGuardDuty,PenTest:S3/ParrotLinux
T1580,AmazonGuardDuty,PenTest:S3/PentooLinux
T1580,AWSOrganizations,Discovery:IAMUser/AnomalousBehavior
T1580,AWSSecurityHub,3.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes 
T1580,AWSSecurityHub,EC2 instances that are open to the Internet
T1580,AWSSecurityHub,EC2 instances that have ports accessible from the Internet
T1580,AWSSecurityHub,S3 buckets with public write or read permissions
T1619,AmazonGuardDuty,Discovery:S3/MaliciousIPCaller
T1621,AmazonGuardDuty,UnauthorizedAccess:IAMUser/ConsoleLogin
T1046,AWSConfig,elbv2-acm-certificate-required
T1078.004,AWSConfig,elbv2-acm-certificate-required
T1098,AWSConfig,elbv2-acm-certificate-required
T1098.001,AWSConfig,elbv2-acm-certificate-required
T1098.004,AWSConfig,elbv2-acm-certificate-required
T1190,AWSConfig,elbv2-acm-certificate-required
T1199,AWSConfig,elbv2-acm-certificate-required
T1528,AWSConfig,elbv2-acm-certificate-required
T1550.001,AWSConfig,elbv2-acm-certificate-required
T1498.001,AWSConfig,lambda-concurrency-check
T1498.002,AWSConfig,lambda-concurrency-check
T1499.002,AWSConfig,lambda-concurrency-check
T1499.003,AWSConfig,lambda-concurrency-check
T1499.004,AWSConfig,lambda-concurrency-check
T1552,AWSConfig,alb-http-drop-invalid-header-enabled
T1110.004,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1530,AWSConfig,cloudwatch-log-group-encrypted
T1552.001,AWSConfig,codebuild-project-source-repo-url-check
T1552.001,AWSConfig,alb-http-drop-invalid-header-enabled
T1190,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1110.001,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1485,AWSConfig,cmk-backing-key-rotation-enabled
T1040,AWSConfig,alb-http-drop-invalid-header-enabled
T1078,AWSConfig,codebuild-project-envvar-awscred-check
T1552,AWSConfig,codebuild-project-source-repo-url-check
T1550.001,AWSConfig,cloudwatch-log-group-encrypted
T1078.001,AWSConfig,codebuild-project-source-repo-url-check
T1078,AWSConfig,codebuild-project-source-repo-url-check
T1552,AWSConfig,api-gw-cache-enabled-and-encrypted
T1078.004,AWSConfig,codebuild-project-envvar-awscred-check
T1550.001,AWSConfig,alb-http-drop-invalid-header-enabled
T1552,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1528,AWSConfig,alb-http-drop-invalid-header-enabled
T1552,AWSConfig,codebuild-project-envvar-awscred-check
T1552,AWSConfig,ssm-document-not-public
T1562.007,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1528,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1550.001,AWSConfig,codebuild-project-source-repo-url-check
T1530,AWSConfig,api-gw-cache-enabled-and-encrypted
T1525,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1552.001,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1110.002,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1204.003,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1078.004,AWSConfig,codebuild-project-source-repo-url-check
T1189,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1562.008,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1562.001,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1119,AWSConfig,api-gw-cache-enabled-and-encrypted
T1552.005,AWSConfig,ssm-document-not-public
T1119,AWSConfig,cloudwatch-log-group-encrypted
T1552.005,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1550.001,AWSConfig,api-gw-cache-enabled-and-encrypted
T1552,AWSConfig,cloudwatch-log-group-encrypted
T1552.001,AWSConfig,ssm-document-not-public
T1552.001,AWSConfig,codebuild-project-envvar-awscred-check
T1110.003,AWSConfig,ec2-managedinstance-patch-compliance-status-check
T1078.001,AWSConfig,codebuild-project-envvar-awscred-check
T1098.001,AWSConfig,opensearch-access-control-enabled
MITRE,servicio,Rule
T1562.001,AWSConfig,ecs-containers-nonprivileged
T1087.004,AWSConfig,efs-access-point-enforce-root-directory
T1078.004,AWSConfig,emr-kerberos-enabled
T1525,AWSConfig,ecs-containers-nonprivileged
T1526,AWSConfig,ecs-containers-readonly-access
T1110.001,AWSConfig,emr-kerberos-enabled
T1110.004,AWSConfig,emr-kerberos-enabled
T1580,AWSConfig,efs-access-point-enforce-root-directory
T1530,AWSConfig,s3-bucket-acl-prohibited
T1087.004,AWSConfig,emr-kerberos-enabled
T1580,AWSConfig,efs-access-point-enforce-user-identity
T1562.008,AWSConfig,ecs-containers-nonprivileged
T1562.008,AWSConfig,ecs-containers-readonly-access
T1580,AWSConfig,ecs-containers-nonprivileged
T1552.001,AWSConfig,ecs-containers-nonprivileged
T1098.001,AWSConfig,efs-access-point-enforce-root-directory
T1552.001,AWSConfig,efs-access-point-enforce-root-directory
T1562.007,AWSConfig,ecs-containers-readonly-access
T1087.004,AWSConfig,efs-access-point-enforce-user-identity
T1562.001,AWSConfig,ecs-containers-readonly-access
T1098.004,AWSConfig,efs-access-point-enforce-root-directory
T1580,AWSConfig,opensearch-access-control-enabled
T1525,AWSConfig,ecs-containers-readonly-access
T1528,AWSConfig,ecs-containers-nonprivileged
T1530,AWSConfig,opensearch-access-control-enabled
T1087.004,AWSConfig,opensearch-access-control-enabled
T1098.001,AWSConfig,emr-kerberos-enabled
T1040,AWSConfig,efs-access-point-enforce-root-directory
T1580,AWSConfig,ecs-containers-readonly-access
T1110.003,AWSConfig,emr-kerberos-enabled
T1538,AWSConfig,opensearch-access-control-enabled
T1098.004,AWSConfig,emr-kerberos-enabled
T1528,AWSConfig,ecs-containers-readonly-access
T1537,AWSConfig,s3-bucket-acl-prohibited
T1562.007,AWSConfig,ecs-containers-nonprivileged
T1526,AWSConfig,opensearch-access-control-enabled
T1098.004,AWSConfig,opensearch-access-control-enabled
T1078.004,AWSConfig,opensearch-access-control-enabled
T1528,AWSConfig,efs-access-point-enforce-root-directory
T1040,AWSConfig,efs-access-point-enforce-user-identity
T1528,AWSConfig,efs-access-point-enforce-user-identity
T1552.001,AWSConfig,efs-access-point-enforce-user-identity
T1526,AWSConfig,ecs-containers-nonprivileged
T1578.002,AWSConfig,multi-region-cloudtrail-enabled
T1578.004,AWSConfig,multi-region-cloudtrail-enabled
T1578.003,AWSConfig,multi-region-cloudtrail-enabled
T1526,AWSConfig,multi-region-cloudtrail-enabled
T1496,AWSConfig,multi-region-cloudtrail-enabled
T1578,AWSConfig,multi-region-cloudtrail-enabled
T1046,AWSConfig,securityhub-enabled
T1531,AWSConfig,multi-region-cloudtrail-enabled
T1578.001,AWSConfig,multi-region-cloudtrail-enabled
T1491.002,AWSConfig,autoscaling-launch-config-public-ip-disabled
T1562.001,AWSConfig,cloudtrail-enabled
T1136.003,AWSConfig,cloudtrail-enabled
T1578.003,AWSConfig,cloud-trail-log-file-validation-enabled
T1552.001,AWSConfig,cloudtrail-enabled
T1189,AWSConfig,ec2-instance-managed-by-systems-manager
T1190,AWSConfig,ec2-instance-managed-by-systems-manager
T1110.004,AWSConfig,cloudtrail-enabled
T1498.001,AWSConfig,autoscaling-group-elb-healthcheck-required
T1204.003,AWSConfig,restricted-ssh
T1078.001,AWSConfig,ebs-snapshot-public-restorable-check
T1189,AWSConfig,cloud-trail-log-file-validation-enabled
T1562.007,AWSConfig,ec2-instances-in-vpc
T1110.002,AWSConfig,cloudtrail-enabled
T1201,AWSConfig,cloud-trail-encryption-enabled
T1550.001,AWSConfig,ec2-instance-managed-by-systems-manager
T1530,AWSConfig,cloudtrail-enabled
T1199,AWSConfig,alb-waf-enabled
T1110.001,AWSConfig,restricted-ssh
T1562,AWSConfig,restricted-ssh
T1525,AWSConfig,ec2-instance-managed-by-systems-manager
T1552,AWSConfig,cloud-trail-encryption-enabled
T1040,AWSConfig,restricted-common-ports
T1499.004,AWSConfig,beanstalk-enhanced-health-reporting-enabled
T1498.002,AWSConfig,beanstalk-enhanced-health-reporting-enabled
T1499.002,AWSConfig,cloudtrail-enabled
T1562.001,AWSConfig,restricted-ssh
T1537,AWSConfig,cloudtrail-enabled
T1580,AWSConfig,cloudtrail-enabled
T1528,AWSConfig,cloud-trail-encryption-enabled
T1562.008,AWSConfig,ec2-instances-in-vpc
T1537,AWSConfig,ec2-instances-in-vpc
T1098,AWSConfig,cloud-trail-log-file-validation-enabled
T1204.003,AWSConfig,ebs-snapshot-public-restorable-check
T1098,AWSConfig,cloudtrail-enabled
T1552.001,AWSConfig,ec2-instance-managed-by-systems-manager
T1485,AWSConfig,cloudtrail-enabled
T1046,AWSConfig,restricted-common-ports
T1499.003,AWSConfig,alb-waf-enabled
T1190,AWSConfig,ec2-instances-in-vpc
T1566,AWSConfig,cloudtrail-enabled
T1119,AWSConfig,rds-multi-az-support
T1190,AWSConfig,cloudtrail-enabled
T1098.004,AWSConfig,cloud-trail-log-file-validation-enabled
T1499.002,AWSConfig,autoscaling-launch-config-public-ip-disabled
T1578.001,AWSConfig,cloud-trail-log-file-validation-enabled
T1530,AWSConfig,ebs-snapshot-public-restorable-check
T1046,AWSConfig,alb-waf-enabled
T1498.002,AWSConfig,autoscaling-launch-config-public-ip-disabled
T1110.003,AWSConfig,cloudtrail-enabled
T1136,AWSConfig,cloud-trail-log-file-validation-enabled
T1204.003,AWSConfig,cloud-trail-encryption-enabled
T1562.008,AWSConfig,cloudtrail-enabled
T1485,AWSConfig,rds-multi-az-support
T1190,AWSConfig,autoscaling-launch-config-public-ip-disabled
T1499.004,AWSConfig,alb-waf-enabled
T1499.002,AWSConfig,beanstalk-enhanced-health-reporting-enabled
T1201,AWSConfig,cloudtrail-enabled
T1498.001,AWSConfig,alb-waf-enabled
T1098.004,AWSConfig,cloudtrail-enabled
T1110.001,AWSConfig,cloudtrail-enabled
T1040,AWSConfig,ec2-instances-in-vpc
T1528,AWSConfig,ebs-snapshot-public-restorable-check
T1190,AWSConfig,restricted-ssh
T1485,AWSConfig,ec2-instances-in-vpc
T1110,AWSConfig,restricted-ssh
T1580,AWSConfig,cloud-trail-encryption-enabled
T1098.001,AWSConfig,cloud-trail-log-file-validation-enabled
T1486,AWSConfig,ec2-instances-in-vpc
T1498.001,AWSConfig,autoscaling-launch-config-public-ip-disabled
T1098.004,AWSConfig,ec2-instance-managed-by-systems-manager
T1498.002,AWSConfig,cloudtrail-enabled
T1087.004,AWSConfig,cloudtrail-enabled
T1562.007,AWSConfig,restricted-ssh
T1499.003,AWSConfig,beanstalk-enhanced-health-reporting-enabled
T1498.001,AWSConfig,ec2-instances-in-vpc
T1110.004,AWSConfig,restricted-ssh
T1491.002,AWSConfig,cloudtrail-enabled
T1578,AWSConfig,cloud-trail-log-file-validation-enabled
T1498.001,AWSConfig,cloudtrail-enabled
T1110.003,AWSConfig,restricted-ssh
T1189,AWSConfig,ec2-instances-in-vpc
T1550.001,AWSConfig,cloudtrail-enabled
T1562,AWSConfig,ec2-instances-in-vpc
T1499.004,AWSConfig,autoscaling-launch-config-public-ip-disabled
T1499.003,AWSConfig,cloudtrail-enabled
T1498.002,AWSConfig,autoscaling-group-elb-healthcheck-required
T1119,AWSConfig,cloudtrail-enabled
T1499.002,AWSConfig,alb-waf-enabled
T1499.004,AWSConfig,cloudtrail-enabled
T1552.005,AWSConfig,cloudtrail-enabled
T1498.002,AWSConfig,ec2-instances-in-vpc
T1046,AWSConfig,ec2-instances-in-vpc
T1486,AWSConfig,rds-multi-az-support
T1562.001,AWSConfig,ec2-instances-in-vpc
T1562.007,AWSConfig,cloudtrail-enabled
T1119,AWSConfig,ec2-instances-in-vpc
T1204.003,AWSConfig,cloudtrail-enabled
T1486,AWSConfig,cloud-trail-log-file-validation-enabled
T1491.002,AWSConfig,rds-multi-az-support
T1201,AWSConfig,restricted-ssh
T1498.001,AWSConfig,beanstalk-enhanced-health-reporting-enabled
T1189,AWSConfig,cloudtrail-enabled
T1098.001,AWSConfig,cloudtrail-enabled
T1485,AWSConfig,cloud-trail-log-file-validation-enabled
T1078.004,AWSConfig,ebs-snapshot-public-restorable-check
T1189,AWSConfig,alb-waf-enabled
T1525,AWSConfig,cloudtrail-enabled
T1578.002,AWSConfig,cloud-trail-log-file-validation-enabled
T1199,AWSConfig,cloudtrail-enabled
T1498.002,AWSConfig,alb-waf-enabled
T1087.004,AWSConfig,ebs-snapshot-public-restorable-check
T1046,AWSConfig,cloudtrail-enabled
T1552,AWSConfig,cloudtrail-enabled
T1528,AWSConfig,cloudtrail-enabled
T1499.004,AWSConfig,autoscaling-group-elb-healthcheck-required
T1491.002,AWSConfig,ec2-instance-managed-by-systems-manager
T1087.004,AWSConfig,cloud-trail-encryption-enabled
T1190,AWSConfig,alb-waf-enabled
T1486,AWSConfig,cloudtrail-enabled
T1538,AWSConfig,cloudtrail-enabled
T1499.003,AWSConfig,autoscaling-launch-config-public-ip-disabled
T1078.001,AWSConfig,cloudtrail-enabled
T1499.002,AWSConfig,autoscaling-group-elb-healthcheck-required
T1189,AWSConfig,restricted-ssh
T1078.004,AWSConfig,cloudtrail-enabled
T1136.003,AWSConfig,cloud-trail-log-file-validation-enabled
T1204.003,AWSConfig,ec2-instance-managed-by-systems-manager
T1499.003,AWSConfig,autoscaling-group-elb-healthcheck-required