Security Group Change

Security group changes will most likely be warranted and initiated by the account owner. Keeping and reporting on logs for these events provides an audit trail and the sequence of events surrounding each change. Attackers will seek to alter security groups in order to maintain a foothold and access to the resource. If a change occurs that does not appear to be validated, notify security and infrastructure immediately.



To learn more about the category of security group changes monitored by CUIT, refer to the AWS documentation for some of the common API actions, such as:



CreateSecurityGroup: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html

RevokeSecurityGroupIngress: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RevokeSecurityGroupIngress.html

RevokeSecurityGroupEgress: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RevokeSecurityGroupEgress.html
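The audit trail described above can be built from CloudTrail records, as in this added example (not CUIT's own tooling). It groups security group events by group ID in time order and marks actors that are not on an approved list. The approved-ARN list, the three extra event names beyond those listed on this page, and the sample records are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# The three event names listed on this page, plus three more EC2 security
# group calls added here as an assumption about what should be watched.
SG_EVENTS = {"CreateSecurityGroup", "RevokeSecurityGroupIngress",
             "RevokeSecurityGroupEgress", "AuthorizeSecurityGroupIngress",
             "AuthorizeSecurityGroupEgress", "DeleteSecurityGroup"}

OWNER = "arn:aws:iam::111122223333:user/owner"  # constructed ARN
# Constructed CloudTrail records (not real log data), deliberately out of order.
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RevokeSecurityGroupEgress", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/other"},
     "requestParameters": {"groupId": "sg-0example1"}},
    {"eventTime": "2024-01-01T09:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateSecurityGroup", "sourceIPAddress": "198.51.100.4",
     "userIdentity": {"arn": OWNER},
     "requestParameters": {"groupName": "web"},
     "responseElements": {"groupId": "sg-0example1"}},
    {"eventTime": "2024-01-01T09:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": {"arn": OWNER}},
]})

def group_id(rec):
    # CreateSecurityGroup returns the new id in responseElements; the other
    # calls carry it in requestParameters. Either can be null on failure.
    for part in ("requestParameters", "responseElements"):
        gid = (rec.get(part) or {}).get("groupId")
        if gid:
            return gid
    return "unknown"

def audit_trail(raw, approved_arns):
    """Return {group id: [events in time order]}, marking actors to review."""
    trail = defaultdict(list)
    for rec in json.loads(raw).get("Records", []):
        if (rec.get("eventSource") != "ec2.amazonaws.com"
                or rec.get("eventName") not in SG_EVENTS):
            continue
        arn = (rec.get("userIdentity") or {}).get("arn", "unknown")
        trail[group_id(rec)].append({
            "time": rec["eventTime"], "event": rec["eventName"], "actor": arn,
            "source_ip": rec.get("sourceIPAddress"),
            "failed": "errorCode" in rec,        # set by CloudTrail on errors
            "review": arn not in approved_arns})  # not on the allowlist
    for events in trail.values():
        events.sort(key=lambda e: e["time"])     # ISO 8601 UTC sorts as text
    return dict(trail)
```

Calling `audit_trail(SAMPLE, {OWNER})` yields one trail for `sg-0example1` in which the later revoke by the unlisted actor is marked for review.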
