Instance Enumeration (2a80d95f-08c4-48e3-833e-151ef19d90f5)

The process of retrieving or querying a list of virtual machine instances or compute instances within a cloud infrastructure. This activity provides a view of all available or running instances, typically including their associated metadata such as instance ID, name, state, and configuration details. Examples:

AWS: instance enumeration involves the DescribeInstances API call, which retrieves information about running or stopped EC2 instances.
Azure: VM enumeration can be monitored via the Microsoft.Compute/virtualMachines/read operation.
GCP: instance enumeration is logged as an instance.list operation within GCP Audit Logs.

Data Collection Measures:

AWS CloudTrail: CloudTrail logs stored in S3 or forwarded to CloudWatch.
Azure Activity Logs: Accessible via Azure Monitor or exported to a storage account.
GCP Audit Logs: Logs Explorer or BigQuery.

Rows: 1
Loading extensions...
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, **[empty]**, **[nonempty]**, **rgx:**
Learn more
TableFilter v0.7.2
https://www.tablefilter.com/
©2015-2025 Max Guglielmi
Close
?
Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Attack Pattern		Clear mitre-data-component	Clear 1
Cloud Infrastructure Discovery - T1580 (57a3d31a-d04f-4663-b2da-7df8ec3f8c9d)	Attack Pattern	Instance Enumeration (2a80d95f-08c4-48e3-833e-151ef19d90f5)	mitre-data-component	1

Instance Enumeration (2a80d95f-08c4-48e3-833e-151ef19d90f5)

TableFilter v0.7.2