AWSCloudEndure.yaml
version: 1
ATT&CK version: 9
creation date: 06/21/2021
name: AWS CloudEndure Disaster Recovery
contact: [email protected]
organization: Center for Threat Informed Defense (CTID)
platform: AWS
tags:
description: >+
  AWS CloudEndure Disaster Recovery enables the replication and recovery of physical, virtual, and
  cloud-based servers into AWS Cloud including public regions, AWS GovCloud, and AWS Outposts. AWS
  CloudEndure continuously replicates servers and can launch fully provisioned machines within
  minutes in the event that a disaster such as data center failures, server corruption, or cyber
  attacks occurs.
techniques:
  - id: T1190
    name: Exploit Public-Facing Application
    technique-scores:
      - category: Respond
        value: Significant
        comments: >-
          AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS
          Cloud. In the event that a public-facing application or server is compromised, AWS
          CloudEndure can be used to provision an instance of the server from a previous point in
          time within minutes. As a result, this mapping is given a score of Significant.
  - id: T1485
    name: Data Destruction
    technique-scores:
      - category: Respond
        value: Significant
        comments: >-
          AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS
          Cloud. In the event that data on servers is destroyed, AWS CloudEndure can be used to
          provision an instance of the server from a previous point in time within minutes. As a
          result, this mapping is given a score of Significant.
  - id: T1486
    name: Data Encrypted for Impact
    technique-scores:
      - category: Respond
        value: Significant
        comments: >
          AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS
          Cloud. In the event that data on servers is encrypted (e.g., ransomware), AWS CloudEndure can be used to
          provision an instance of the server from a previous point in time within minutes. As a
          result, this mapping is given a score of Significant.
  - id: T1565
    name: Data Manipulation
    technique-scores:
      - category: Respond
        value: Minimal
        comments: >
          AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS
          Cloud. In the event that data on servers is manipulated, AWS CloudEndure can be used to
          provision an instance of the server from a previous point in time within minutes. This
          mapping is given a score of Minimal because it only supports a subset (1 of 3) of the
          sub-techniques.
    sub-techniques-scores:
      - sub-techniques:
          - id: T1565.001
            name: Stored Data Manipulation
        scores:
          - category: Respond
            value: Significant
            comments: >-
              AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into
              AWS Cloud. In the event that data on servers is manipulated, AWS CloudEndure can be
              used to provision an instance of the server from a previous point in time within
              minutes. As a result, this mapping is given a score of Significant.
  - id: T1491
    name: Defacement
    technique-scores:
      - category: Respond
        value: Significant
        comments: >-
          AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS
          Cloud. In the event that servers are defaced, AWS CloudEndure can be used to provision an
          instance of the server from a previous point in time within minutes. This mapping is given
          a score of Significant because it supports all of the sub-techniques (2 of 2).
    sub-techniques-scores:
      - sub-techniques:
          - id: T1491.001
            name: Internal Defacement
          - id: T1491.002
            name: External Defacement
        scores:
          - category: Respond
            value: Significant
            comments: >-
              AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into
              AWS Cloud. In the event that servers are defaced, AWS CloudEndure can be used to
              provision an instance of the server from a previous point in time within minutes. As a
              result, this mapping is given a score of Significant.
  - id: T1561
    name: Disk Wipe
    technique-scores:
      - category: Respond
        value: Significant
        comments: >-
          AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS
          Cloud. In the event that server disks are wiped, AWS CloudEndure can be used to provision
          an instance of the server from a previous point in time within minutes. This mapping is
          given a score of Significant because it supports all of the sub-techniques (2 of 2).
    sub-techniques-scores:
      - sub-techniques:
          - id: T1561.001
            name: Disk Content Wipe
          - id: T1561.002
            name: Disk Structure Wipe
        scores:
          - category: Respond
            value: Significant
            comments: >-
              AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into
              AWS Cloud. In the event that server disks are wiped, AWS CloudEndure can be used to
              provision an instance of the server from a previous point in time within minutes. As a
              result, this mapping is given a score of Significant.
  - id: T1490
    name: Inhibit System Recovery
    technique-scores:
      - category: Respond
        value: Significant
        comments: >-
          AWS CloudEndure Disaster Recovery enables the replication and recovery of servers into AWS
          Cloud. In the event that servers are modified to disrupt recovery, AWS CloudEndure can be
          used to provision an instance of the server from a previous point in time within minutes.
          As a result, this mapping is given a score of Significant.
references:
  - 'https://aws.amazon.com/cloudendure-disaster-recovery/'
  - >-
    https://docs.cloudendure.com/#Configuring_and_Running_Disaster_Recovery/Configuring_and_Running_Disaster_Recovery.htm