Command and Scripting Interpreter: Cloud API

Description

Adversaries may abuse cloud APIs to execute malicious commands. APIs available in cloud environments provide various functionalities and are a feature-rich method for programmatic access to nearly all aspects of a tenant. These APIs may be utilized through various methods such as command line interpreters (CLIs), in-browser Cloud Shells, PowerShell modules like Azure for PowerShell[1], or software development kits (SDKs) available for languages such as Python.

Products, Sensors, and Dependencies

| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Identity Exposure | | Entra ID | Standard Azure AD User | API | List of OAuth permissions | |

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Execution

Sub-Technique: Cloud API

Platform: Entra ID

Products Required: Tenable Identity Exposure

Tenable Release Date: 2024 Q3