Detections
Analytics
Cloud Service Discovery
Description
An adversary may attempt to enumerate the cloud services running on a system after gaining access. These methods can differ from platform-as-a-service (PaaS), to infrastructure-as-a-service (IaaS), or software-as-a-service (SaaS). Many services exist throughout the various cloud providers and can include Continuous Integration and Continuous Delivery (CI/CD), Lambda Functions, Entra ID, etc. They may also include security services, such as AWS GuardDuty and Microsoft Defender for Cloud, and logging services, such as AWS CloudTrail and Google Cloud Audit Logs.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Identity Exposure | Entra ID | Read-only | HTTPS | Tenant | ||
| Tenable Cloud Security | Entra ID | Read-only | HTTPS | Tenant | ||
| Tenable Cloud Security | Azure | Read-only | HTTPS | Subscription | ||
| Tenable Cloud Security | GCP | Read-only | HTTPS | Projects | ||
| Tenable Cloud Security | Google Organization | Read-only | HTTPS | Organization |
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Discovery
Technique: Cloud Service Discovery