turbot/tailpipe-mod-aws-cloudtrail-log-detections

Benchmark: TA0042 Execution

Overview

The adversary is trying to establish resources they can use to support operations.

Resource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Control, email accounts for phishing as a part of Initial Access, or stealing code signing certificates to help with Defense Evasion.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/tailpipe-mod-aws-cloudtrail-log-detections

Start the Powerpipe server:

powerpipe server

Open http://localhost:9033 in your browser and select TA0042 Execution.

Run this benchmark in your terminal:

powerpipe benchmark run aws_cloudtrail_log_detections.benchmark.mitre_attack_v161_ta0042

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_cloudtrail_log_detections.benchmark.mitre_attack_v161_ta0042 --share
