NIST CSF Control DE AE 2 Detected Events Are Analyzed To Understand

Detected events from the past month were analyzed to understand anomalous access failures and suspicious security events targeting AWS resources. Multiple anomalous access failures to AWS IAM roles were detected from IPs in Indonesia, with the most occurring on January 29th and 30th.

Uploaded by haidir32

NIST CSF Control DE.AE-2: Detected events are analyzed to understand attack targets and methods.

Anomalies and Events (DE.AE): Anomalous activity is detected in a timely manner and the potential impact of events is understood.

Note on Control: This control is partially satisfied by alarms being available for investigation and response, but requires the user to have an investigation and response policy utilizing the available logs.

Associated Frameworks: ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.7, 4.3.4.5.8; ISA 62443-3-3:2013 SR 2.8, SR 2.9, SR 2.10, SR 2.11, SR 2.12, SR 3.9, SR 6.1, SR 6.2; ISO/IEC 27001:2013 A.16.1.1, A.16.1.4; NIST SP 800-53 Rev. 4 AU-6, CA-7, IR-4, SI-4.

Sun, Dec 31 2023 - Tue, Jan 30 2024 (4 weeks and 2 days)

Filters: Received: Sun 12/31/2023 12:30:39 PM - Tue 1/30/2024 12:30:39 PM; Suppressed: False

[Chart: Alarms Over Time; alarm count per day (y-axis ticks 10, 20, 30) across the report period]

| INTENT | STRATEGY | METHOD | TIME RECEIVED | SOURCES | DESTINATIONS | SENSORS | PRIORITY |
|---|---|---|---|---|---|---|---|
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Tue, Jan 30 2024, 09:46 AM UTC | i-0b99abd0b505efe0d | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Tue, Jan 30 2024, 09:46 AM UTC | i-019c47b6400e90cc5 | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Tue, Jan 30 2024, 09:46 AM UTC | i-0711c07f270774c8d | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Tue, Jan 30 2024, 09:46 AM UTC | i-040cb077a7d00a0e5 | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Tue, Jan 30 2024, 09:46 AM UTC | i-025c24779ebdeb037 | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Suspicious Security Critical Event | GuardDuty Alert | Tue, Jan 30 2024, 03:10 AM UTC | | | usmsensor2 AWS | Medium |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 06:36 PM UTC | i-0b99abd0b505efe0d | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 06:21 PM UTC | Indonesia 16.78.2.247 | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 06:21 PM UTC | i-025c24779ebdeb037 | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 06:16 PM UTC | i-040cb077a7d00a0e5 | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 06:16 PM UTC | i-0711c07f270774c8d | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 06:16 PM UTC | i-019c47b6400e90cc5 | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 06:16 PM UTC | Indonesia ec2-43-218-46-189.ap-southeast-3.compute.amazonaws.com | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 06:16 PM UTC | Indonesia ip-172-31-1-255.ap-southeast-3.compute.internal | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 06:01 PM UTC | Indonesia 43.218.46.189 | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 06:01 PM UTC | Indonesia 108.137.130.129 | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 05:56 PM UTC | Indonesia ec2-43-218-99-94.ap-southeast-3.compute.amazonaws.com | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 05:56 PM UTC | Indonesia ec2-43-218-79-99.ap-southeast-3.compute.amazonaws.com | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 05:56 PM UTC | Indonesia ec2-108-137-1-24.ap-southeast-3.compute.amazonaws.com | logs.amazonaws.com | usmsensor2 AWS | Low |
| Environmental Awareness | Anomalous Access Failure | AWS IAM Role Access Failure | Mon, Jan 29 2024, 05:56 PM UTC | Indonesia ip-172-31-6-63.ap-southeast-3.compute.internal | logs.amazonaws.com | usmsensor2 AWS | Low |

1 - 20 of 41
