2_ds_amazon_amazon_s3.md
April 15, 2026
| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Compromised Credentials | aws-storage-list<br> ↳amazon-awscloudtrail-cef-bucket-list-success-headbucket<br>aws-storage-list-failed<br> ↳amazon-awscloudtrail-cef-bucket-list-success-headbucket<br>aws-storageobject-read<br> ↳amazon-awscloudtrail-cef-file-read-success-getobject<br> ↳amazon-awscloudtrail-cef-file-read-success-getcors<br>aws-storageobject-write<br> ↳amazon-awscloudtrail-cef-file-write-success-putobject<br>aws-storageobject-write-failed<br> ↳amazon-awscloudtrail-cef-file-write-success-putobject<br>web-activity-allowed<br> ↳amazon-s3-cef-http-session-success-catchall<br>web-activity-denied<br> ↳amazon-s3-cef-http-session-success-catchall | T1071 - Application Layer Protocol<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1078.004 - Valid Accounts: Cloud Accounts<br>T1102 - Web Service<br>T1189 - Drive-by Compromise<br>T1190 - Exploit Public Facing Application<br>T1204 - User Execution<br>T1204.001 - T1204.001<br>T1535 - Unused/Unsupported Cloud Regions<br>T1566 - Phishing<br>T1566.002 - Phishing: Spearphishing Link<br>T1568 - Dynamic Resolution<br>T1568.002 - Dynamic Resolution: Domain Generation Algorithms | |