RDS Database Security Group Modification (14f3f1c8-02d5-43a2-a191-91ffb52d3015)
Detects changes to the security group entries for RDS databases. This can indicate that a misconfiguration has occurred which potentially exposes the database to the public internet, a wider audience within the VPC or that removal of valid rules has occurred which could impact the availability of the database to legitimate services and users.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) | Attack Pattern | RDS Database Security Group Modification (14f3f1c8-02d5-43a2-a191-91ffb52d3015) | Sigma-Rules | 1 |