Rules : AWS CloudWatch Anomaly Detector Deletion
Detects the AWS CloudWatch DeleteAnomalyDetector API action. DeleteAnomalyDetector deletes the specified anomaly detection model from your account.
Detail
Value
Type
Templated Match
Category
Impact
Apply Risk to Entities
device_ip, user_username, srcDevice_ip, device_hostname, srcDevice_hostname
Signal Name
AWS CloudWatch Anomaly Detector Deletion
Summary Expression
{{action}} performed by user: {{user_username}}
Score/Severity
Static: 5
Enabled by Default
True
Prototype
False
Tags
_mitreAttackTechnique:T1562, _mitreAttackTactic:TA0005, _mitreAttackTechnique:T1562.008, _mitreAttackTechnique:T1562.001
Origin
Field
Normalized Schema
action
Normalized Schema
application
Normalized Schema
device_hostname
Normalized Schema
device_ip
Normalized Schema
listMatches
Normalized Schema
metadata_product
Normalized Schema
metadata_vendor
Normalized Schema
srcDevice_hostname
Normalized Schema
srcDevice_ip
Normalized Schema
user_username