You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Rules: Alibaba ActionTrail Network Access Control List Deleted
Description
Enforcing network-access controls is one of the defensive mechanisms used by cloud administrators to restrict access to a cloud instance. After the attacker has gained control of the console by compromising an admin account, they can delete a network ACL and gain access to the instance from anywhere.
Additional Details
Detail
Value
Type
Templated Match
Category
Unknown/Other
Apply Risk to Entities
srcDevice_ip, user_username
Signal Name
Alibaba ActionTrail Network Access Control List Deleted
Summary Expression
User: {{user_username}} from source IP: {{srcDevice_ip}} deleted a Network ACL