DS0010 Cloud Storage
Data object storage infrastructure hosted on-premise or by third-party providers, made available to users through network connections and/or APIs123
| Item | Value |
|---|---|
| ID | DS0010 |
| Platforms | IaaS |
| Collection Layers | Cloud Control Plane |
| Version | 1.0 |
| Created | 20 October 2021 |
| Last Modified | 10 November 2021 |
Data Components
Cloud Storage Access
Opening of a cloud storage infrastructure, typically to collect/read its value (ex: AWS S3 GetObject)
| Domain | ID | Name |
|---|---|---|
| enterprise | T1619 | Cloud Storage Object Discovery |
| enterprise | T1530 | Data from Cloud Storage |
| enterprise | T1048 | Exfiltration Over Alternative Protocol |
Cloud Storage Creation
Initial construction of new cloud storage infrastructure (ex: AWS S3 CreateBucket)
| Domain | ID | Name |
|---|---|---|
| enterprise | T1537 | Transfer Data to Cloud Account |
Cloud Storage Deletion
Removal of cloud storage infrastructure (ex: AWS S3 DeleteBucket)
| Domain | ID | Name |
|---|---|---|
| enterprise | T1485 | Data Destruction |
| enterprise | T1490 | Inhibit System Recovery |
Cloud Storage Enumeration
An extracted list of cloud storage infrastructure (ex: AWS S3 ListBuckets or ListObjects)
| Domain | ID | Name |
|---|---|---|
| enterprise | T1580 | Cloud Infrastructure Discovery |
| enterprise | T1619 | Cloud Storage Object Discovery |
Cloud Storage Metadata
Contextual data about cloud storage infrastructure and activity around it such as name, size, or owner
| Domain | ID | Name |
|---|---|---|
| enterprise | T1537 | Transfer Data to Cloud Account |
Cloud Storage Modification
Changes made to cloud storage infrastructure, including its settings and/or data (ex: AWS S3 PutObject or PutObjectAcl)
| Domain | ID | Name |
|---|---|---|
| enterprise | T1486 | Data Encrypted for Impact |
| enterprise | T1537 | Transfer Data to Cloud Account |