Skip to content

MISP galaxy

Home
Statistics
360net
360net
- 360.net Threat Actors
Ammunitions
Ammunitions
- Ammunitions
Android
Android
- Android
Atrm
Atrm
- Azure Threat Research Matrix
Attck4fraud
Attck4fraud
- attck4fraud
Backdoor
Backdoor
- Backdoor
Banker
Banker
- Banker
Bhadra framework
Bhadra framework
- Bhadra Framework
Botnet
Botnet
- Botnet
Branded vulnerability
Branded vulnerability
- Branded Vulnerability
Cancer
Cancer
- Cancer
Cert eu govsector
Cert eu govsector
- Cert EU GovSector
China defence universities
China defence universities
- China Defence Universities Tracker
Cmtmf attack pattern
Cmtmf attack pattern
- CONCORDIA Mobile Modelling Framework - Attack Pattern
Country
Country
- Country
Cryptominers
Cryptominers
- Cryptominers
Disarm actortypes
Disarm actortypes
- Actor Types
Disarm countermeasures
Disarm countermeasures
- Countermeasures
Disarm detections
Disarm detections
- Detections
Disarm techniques
Disarm techniques
- Techniques
Election guidelines
Election guidelines
- Election guidelines
Entity
Entity
- Entity
Exploit kit
Exploit kit
- Exploit-Kit
Firearms
Firearms
- Firearms
First csirt services framework
First csirt services framework
- FIRST CSIRT Services Framework
First dns
First dns
- FIRST DNS Abuse Techniques Matrix
Gsma motif
Gsma motif
- GSMA MoTIF
Handicap
Handicap
- Handicap
Human kill chain
Human kill chain
- Human Layer Kill Chain
Intelligence agencies
Intelligence agencies
- Intelligence Agencies
Interpol dwva
Interpol dwva
- INTERPOL DWVA Taxonomy
Malpedia
Malpedia
- Malpedia
Microsoft activity group
Microsoft activity group
- Microsoft Activity Group actor
Misinfosec amitt misinformation pattern
Misinfosec amitt misinformation pattern
- Misinformation Pattern
Mitre atlas attack pattern
Mitre atlas attack pattern
- MITRE ATLAS Attack Pattern
Mitre atlas course of action
Mitre atlas course of action
- MITRE ATLAS Course of Action
Mitre attack pattern
Mitre attack pattern
- Attack Pattern
Mitre course of action
Mitre course of action
- Course of Action
Mitre d3fend
Mitre d3fend
- MITRE D3FEND
Mitre data component
Mitre data component
- mitre-data-component
Mitre data source
Mitre data source
- mitre-data-source
Mitre engage framework
Mitre engage framework
- MITRE Engage Framework
Mitre ics assets
Mitre ics assets
- Assets
Mitre ics groups
Mitre ics groups
- Groups
Mitre ics levels
Mitre ics levels
- Levels
Mitre ics software
Mitre ics software
- Software
Mitre ics tactics
Mitre ics tactics
- Tactics
Mitre intrusion set
Mitre intrusion set
- Intrusion Set
Mitre malware
Mitre malware
- Malware
Mitre tool
Mitre tool
- mitre-tool
Nace
Nace
- NACE
Naics
Naics
- NAICS
Nato
Nato
- Index
Nice framework competency areas
Nice framework competency areas
- NICE Competency areas
Nice framework knowledges
Nice framework knowledges
- NICE Knowledges
Nice framework opm codes
Nice framework opm codes
- OPM codes in cybersecurity
Nice framework skills
Nice framework skills
- NICE Skills
Nice framework tasks
Nice framework tasks
- NICE Tasks
Nice framework work roles
Nice framework work roles
- NICE Work Roles
O365 exchange techniques
O365 exchange techniques
- o365-exchange-techniques
Online service
Online service
- online-service
Preventive measure
Preventive measure
- Preventive Measure
Producer
Producer
- Producer
Ransomware
Ransomware
- Ransomware
Rat
Rat
- RAT
Region
Region
- Regions UN M49
Rsit
Rsit
- rsit
Scor about
Scor about
- SCOR - About
Scor space shield mitigations
Scor space shield mitigations
- SCOR SPACE-SHIELD Mitigations
Scor space shield tactics
Scor space shield tactics
- SCOR SPACE-SHIELD Tactics
Scor space shield techniques
Scor space shield techniques
- SCOR SPACE-SHIELD Techniques
Scor sparta mitigations
Scor sparta mitigations
- SCOR SPARTA Mitigations
Scor sparta tactics
Scor sparta tactics
- SCOR SPARTA Tactics
Scor sparta techniques
Scor sparta techniques
- SCOR SPARTA Techniques
Sector
Sector
- Sector
Sigma rules
Sigma rules
- Sigma-Rules
Social dark patterns
Social dark patterns
- Dark Patterns
Sod matrix
Sod matrix
- SoD Matrix
Stealer
Stealer
- Stealer
Surveillance vendor
Surveillance vendor
- Surveillance Vendor
Target information
Target information
- Target Information
Tds
Tds
- TDS
Tea matrix
Tea matrix
- Tea Matrix
Threat actor
Threat actor
- Threat Actor
Tidal campaigns
Tidal campaigns
- Tidal Campaigns
Tidal groups
Tidal groups
- Tidal Groups
Tidal references
Tidal references
- Tidal References
Tidal software
Tidal software
- Tidal Software
Tidal tactic
Tidal tactic
- Tidal Tactic
Tidal technique
Tidal technique
- Tidal Technique
Tmss
Tmss
- Threat Matrix for storage services
Tool
Tool
- Tool
Uavs
Uavs
- UAVs/UCAVs
Ukhsa culture collections
Ukhsa culture collections
- UKHSA Culture Collections

Hide Navigation Hide TOC

Volume Creation (dad75cc7-5bae-4175-adb4-ca1962d8650e)

The initial provisioning of block storage volumes in cloud or on-prem environments, typically used for data storage, backup, or workload scaling.

Data Collection Measures:

Cloud-Based Logging & Monitoring
- AWS CloudTrail
  - CreateVolume – Logs the creation of new Amazon Elastic Block Store (EBS) volumes.
  - RunInstances – Can be correlated to detect automatic volume provisioning.
- Azure Monitor & Log Analytics
  - Microsoft.Compute/disks/write – Captures creation of new managed/unmanaged disks.
  - Microsoft.Storage/storageAccounts/write – Detects creation of new Azure Blob Storage volumes.
- Google Cloud Logging (GCP)
  - compute.disks.insert – Tracks new persistent disk creation.
  - compute.instances.attachDisk – Logs attachment of a volume to a running VM.
- OpenStack Logs
  - volume.create – Captures new storage volume provisioning.
  - cinder.volume.create – Logs OpenStack Cinder block storage creation.
Host-Based & SIEM Detection
- Linux/macOS System Logs
  - /var/log/syslog & /var/log/messages – Detects new mount points or attached storage.
  - dmesg | grep "new disk" – Identifies kernel messages for volume attachment.
  - AuditD: Tracks mkfs (filesystem creation) for new volume provisioning.
- Windows Event Logs
  - Event ID 1006 (Storage Management Events) – Captures disk volume creation.
  - Event ID 5145 (Object Access: File Share) – Detects access to newly created storage shares.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Volume Creation (dad75cc7-5bae-4175-adb4-ca1962d8650e)	mitre-data-component	Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90)	Attack Pattern	1