Vendor: Amazon

April 15, 2026 · View on GitHub

Product: VPC Flow Logs

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
56	20	6	2	3

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Lateral Movement	network-connection-failed ↳amazon-awsvpc-json-network-traffic-success-amazonvpc ↳amazon-awsvpc-str-network-traffic-fail-reject ↳amazon-awsvpc-sk4-network-traffic-success-transitgateway network-connection-successful ↳amazon-awsvpc-json-network-traffic-success-amazonvpc ↳amazon-awsvpc-str-network-traffic-success-accept ↳amazon-awsvpc-sk4-network-traffic-success-transitgateway	T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	56 Rules 20 Models
Malware	network-connection-failed ↳amazon-awsvpc-json-network-traffic-success-amazonvpc ↳amazon-awsvpc-str-network-traffic-fail-reject ↳amazon-awsvpc-sk4-network-traffic-success-transitgateway network-connection-successful ↳amazon-awsvpc-json-network-traffic-success-amazonvpc ↳amazon-awsvpc-str-network-traffic-success-accept ↳amazon-awsvpc-sk4-network-traffic-success-transitgateway	TA0011 - TA0011	4 Rules

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Exploit Public Fasing Application									Proxy: Multi-hop Proxy Application Layer Protocol Proxy