1. Home
  2. Data Sources
  3. Instance

Instance

A virtual server environment which runs workloads, hosted on-premise or by third-party cloud providers[1][2]

ID: DS0030
Platform: IaaS
Collection Layer: Cloud Control Plane
Version: 1.0
Created: 20 October 2021
Last Modified: 20 October 2021

Data Components

Instance: Instance Creation

Initial construction of a new instance (ex: instance.insert within GCP Audit Logs)

Instance: Instance Creation

Initial construction of a new instance (ex: instance.insert within GCP Audit Logs)

Domain ID Name
Enterprise T1578 Modify Cloud Compute Infrastructure
.002 Create Cloud Instance
Enterprise T1535 Unused/Unsupported Cloud Regions
Enterprise T1204 User Execution
.003 Malicious Image

Instance: Instance Deletion

Removal of an instance (ex: instance.delete within GCP Audit Logs)

Instance: Instance Deletion

Removal of an instance (ex: instance.delete within GCP Audit Logs)

Domain ID Name
Enterprise T1485 Data Destruction
Enterprise T1578 Modify Cloud Compute Infrastructure
.003 Delete Cloud Instance

Instance: Instance Enumeration

An extracted list of instances within a cloud environment (ex: instance.list within GCP Audit Logs)

Instance: Instance Enumeration

An extracted list of instances within a cloud environment (ex: instance.list within GCP Audit Logs)

Domain ID Name
Enterprise T1580 Cloud Infrastructure Discovery

Instance: Instance Metadata

Contextual data about an instance and activity around it such as name, type, or status

Instance: Instance Metadata

Contextual data about an instance and activity around it such as name, type, or status

Domain ID Name
Enterprise T1580 Cloud Infrastructure Discovery
Enterprise T1082 System Information Discovery
Enterprise T1614 System Location Discovery

Instance: Instance Modification

Changes made to an instance, including its settings and/or control data (ex: instance.addResourcePolicies or instances.setMetadata within GCP Audit Logs)

Instance: Instance Modification

Changes made to an instance, including its settings and/or control data (ex: instance.addResourcePolicies or instances.setMetadata within GCP Audit Logs)

Domain ID Name
Enterprise T1578 Modify Cloud Compute Infrastructure
.004 Revert Cloud Instance

Instance: Instance Start

Activation or invocation of an instance (ex: instance.start within GCP Audit Logs)

Instance: Instance Start

Activation or invocation of an instance (ex: instance.start within GCP Audit Logs)

Domain ID Name
Enterprise T1578 Modify Cloud Compute Infrastructure
.004 Revert Cloud Instance
Enterprise T1204 User Execution
.003 Malicious Image

Instance: Instance Stop

Deactivation or stoppage of an instance (ex: instance.stop within GCP Audit Logs)

Instance: Instance Stop

Deactivation or stoppage of an instance (ex: instance.stop within GCP Audit Logs)

Domain ID Name
Enterprise T1578 Modify Cloud Compute Infrastructure
.004 Revert Cloud Instance

References

  1. Microsoft. (n.d.). What is a virtual machine (VM)?. Retrieved October 13, 2021.
  1. Google. (n.d.). Virtual machine instances. Retrieved October 13, 2021.