DC0057 Snapshot Creation
| Item | Value |
|---|---|
| ID | DC0057 |
| Version | 2.0 |
| Created | 20 October 2021 |
| Last Modified | 12 November 2025 |
Log Sources
| Name | Channel |
|---|---|
| AWS:CloudTrail | CreateSnapshot |
| azure:activity | MICROSOFT.COMPUTE/SNAPSHOTS/WRITE |
| esxi:vmkernel | snapshot create/write events |
Detection Strategy
| ID | Name | Technique Detected |
|---|---|---|
| DET0573 | Cross-Platform Detection of Data Transfer to Cloud Account | T1537 |
| DET0261 | Detection of Local Data Staging Prior to Exfiltration | T1074.001 |
| DET0308 | Detection Strategy for Modify Cloud Compute Infrastructure | T1578 |
| DET0423 | Detection Strategy for Modify Cloud Compute Infrastructure: Create Snapshot | T1578.001 |