Detections
Analytics
Cloud Service Discovery
Description
An adversary may attempt to enumerate the cloud services running on a system after gaining access. These methods can differ from platform-as-a-service (PaaS), to infrastructure-as-a-service (IaaS), or software-as-a-service (SaaS). Many services exist throughout the various cloud providers and can include Continuous Integration and Continuous Delivery (CI/CD), Lambda Functions, Entra ID, etc. They may also include security services, such as AWS GuardDuty and Microsoft Defender for Cloud, and logging services, such as AWS CloudTrail and Google Cloud Audit Logs.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Identity Exposure | Entra ID | Read-only | HTTPS | Azure SPs | ||
| Tenable Cloud Security | Entra ID | Read-only | HTTPS | Azure SPs |
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Discovery
Technique: Cloud Service Discovery
Sub-Technique: Cloud Service Discovery
Platform: Entra ID
Products Required: Tenable Cloud Security or Tenable Identity Exposure
Tenable Release Date: 2024 Q2