DC0097 Volume Creation

| Item | Value |
|---|---|
| ID | DC0097 |
| Version | 2.0 |
| Created | 20 October 2021 |
| Last Modified | 12 November 2025 |

Log Sources

| Name | Channel |
|---|---|
| AWS:CloudTrail | CreateVolume |
| WinEventLog:Microsoft-Windows-VSS | Volume Shadow Copy Creation |

Detection Strategy

| ID | Name | Technique Detected |
|---|---|---|
| DET0586 | Detection of NTDS.dit Credential Dumping from Domain Controllers | T1003.003 |
| DET0308 | Detection Strategy for Modify Cloud Compute Infrastructure | T1578 |