<  Back to rules search

AWS EC2 instance participating in a DoS attack

guardduty

Classification:

attack

Tactic:

TA0040-impact

Technique:

T1496-resource-hijacking

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

WARNING: This rule is being deprecated on 6 March 2023.

  • Cloud SIEM team performs a regular audit of all detection rules to maintain high signal quality. We will be replacing this rule with an improved third party detection rule after the deprecation date. This rule will allow you to receive coverage with all GuardDuty detections and correlate them with other security signals fired.

Goal

Detect when an EC2 instance is participating in a Denial of Service (DoS) attack.

Strategy

This rule lets you monitor these GuardDuty integration findings:

Triage and response

  1. Determine if the EC2 instance is compromised and participating in a DoS attack.
  2. If the instance is compromised:
    • Review the AWS documentation on remediating a compromised EC2 instance.

Changelog

1 November 2022 - Updated links.