1. Home
  2. Data Sources
  3. Cloud Service

Cloud Service

Infrastructure, platforms, or software that are hosted on-premise or by third-party providers, made available to users through network connections and/or APIs[1][2]

ID: DS0025
Platforms: Azure AD, Google Workspace, IaaS, Office 365, SaaS
Collection Layer: Cloud Control Plane
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 10 November 2021

Data Components

Cloud Service: Cloud Service Disable

Deactivation or stoppage of a cloud service (ex: AWS Cloudtrail StopLogging)

Cloud Service: Cloud Service Disable

Deactivation or stoppage of a cloud service (ex: AWS Cloudtrail StopLogging)

Domain ID Name
Enterprise T1562 Impair Defenses
.008 Disable Cloud Logs

Cloud Service: Cloud Service Enumeration

An extracted list of cloud services (ex: AWS ECS ListServices)

Cloud Service: Cloud Service Enumeration

An extracted list of cloud services (ex: AWS ECS ListServices)

Domain ID Name
Enterprise T1526 Cloud Service Discovery
Enterprise T1046 Network Service Scanning

Cloud Service: Cloud Service Metadata

Contextual data about a cloud service and activity around it such as name, type, or purpose/function

Cloud Service: Cloud Service Metadata

Contextual data about a cloud service and activity around it such as name, type, or purpose/function

Domain ID Name
Enterprise T1526 Cloud Service Discovery

Cloud Service: Cloud Service Modification

Changes made to a cloud service, including its settings and/or data (ex: AWS CloudTrail DeleteTrail or DeleteConfigRule)

Cloud Service: Cloud Service Modification

Changes made to a cloud service, including its settings and/or data (ex: AWS CloudTrail DeleteTrail or DeleteConfigRule)

Domain ID Name
Enterprise T1562 Impair Defenses
.008 Disable Cloud Logs

References

  1. Amazon. (n.d.). Start Building on AWS Today. Retrieved October 13, 2021.
  1. Microsoft. (n.d.). Azure products. Retrieved October 13, 2021.