1. Home
  2. Data Sources
  3. Cloud Storage

Cloud Storage

Data object storage infrastructure hosted on-premise or by third-party providers, made available to users through network connections and/or APIs[1][2][3]

ID: DS0010
Platform: IaaS
Collection Layer: Cloud Control Plane
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 10 November 2021

Data Components

Cloud Storage: Cloud Storage Access

Opening of a cloud storage infrastructure, typically to collect/read its value (ex: AWS S3 GetObject)

Cloud Storage: Cloud Storage Access

Opening of a cloud storage infrastructure, typically to collect/read its value (ex: AWS S3 GetObject)

Domain ID Name
Enterprise T1619 Cloud Storage Object Discovery
Enterprise T1530 Data from Cloud Storage Object

Cloud Storage: Cloud Storage Creation

Initial construction of new cloud storage infrastructure (ex: AWS S3 CreateBucket)

Cloud Storage: Cloud Storage Creation

Initial construction of new cloud storage infrastructure (ex: AWS S3 CreateBucket)

Domain ID Name
Enterprise T1537 Transfer Data to Cloud Account

Cloud Storage: Cloud Storage Deletion

Removal of cloud storage infrastructure (ex: AWS S3 DeleteBucket)

Cloud Storage: Cloud Storage Deletion

Removal of cloud storage infrastructure (ex: AWS S3 DeleteBucket)

Domain ID Name
Enterprise T1485 Data Destruction

Cloud Storage: Cloud Storage Enumeration

An extracted list of cloud storage infrastructure (ex: AWS S3 ListBuckets or ListObjects)

Cloud Storage: Cloud Storage Enumeration

An extracted list of cloud storage infrastructure (ex: AWS S3 ListBuckets or ListObjects)

Domain ID Name
Enterprise T1580 Cloud Infrastructure Discovery
Enterprise T1619 Cloud Storage Object Discovery

Cloud Storage: Cloud Storage Metadata

Contextual data about cloud storage infrastructure and activity around it such as name, size, or owner

Cloud Storage: Cloud Storage Metadata

Contextual data about cloud storage infrastructure and activity around it such as name, size, or owner

Domain ID Name
Enterprise T1580 Cloud Infrastructure Discovery
Enterprise T1486 Data Encrypted for Impact

Cloud Storage: Cloud Storage Modification

Changes made to cloud storage infrastructure, including its settings and/or data (ex: AWS S3 PutObject or PutObjectAcl)

Cloud Storage: Cloud Storage Modification

Changes made to cloud storage infrastructure, including its settings and/or data (ex: AWS S3 PutObject or PutObjectAcl)

Domain ID Name
Enterprise T1486 Data Encrypted for Impact
Enterprise T1537 Transfer Data to Cloud Account

References

  1. Amazon. (n.d.). Amazon S3. Retrieved October 13, 2021.
  2. Microsoft. (n.d.). Azure Blob Storage. Retrieved October 13, 2021.
  1. Google. (n.d.). Cloud Storage. Retrieved October 13, 2021.