COVERAGE· MITRE ATT&CK · cloud matrix v14.1· 32 of 78 techniques shipped

refresh weekly · last sync 2d ago

MITRE ATT&CK · cloud matrix

Coverage isn't a number on a slide. It's a grid we can prove.

The matrix below is the entire cloud-AWS ATT&CK surface, scored against what we can emulate today. Each cell links to its scenario, its CloudTrail signature, and the detection rule that should catch it.

Techniques shipped

of 78 in the AWS matrix

Full coverage

41%

scored against real CloudTrail

In-flight

on the roadmap this quarter

Critical gaps

unshippped, high-impact

view · density ▾

SERVICE / TACTIC

Initial Access

Discovery

Lateral Mov.

Priv-Esc

Persist

Defense Evas.

Collection

Impact

IAM

T1078.004×3

T1087.004×7

T1550.001×2

T1548.005×5

T1098×4

T1556.005×2

T1213.003×1

T1531×3

STS

T1199×1

T1580×2

T1078×3

T1098.001×1

T1098×2

T1622×1

T1119×1

T1531.001×1

T1530×2

T1119×2

T1078×1

T1136.003×1

T1027.001×1

T1567.002×4

T1485×3

KMS

T1526×1

T1578×1

T1098×1

T1027×1

T1486×3

Lambda

T1526×1

T1525×1

T1611×1

T1554×1

T1499×1

Heat Shipped · multiple chains Shipped In flight Planned Out of scope ×N = chains using this technique

IAM

Identity & Access 11 / 18

T1548.005Abuse Elevation Control (AttachRolePolicy)SHIPPED

T1098Account ManipulationSHIPPED

T1078.004Valid Cloud AccountsSHIPPED

T1087.004Cloud Account DiscoverySHIPPED

T1556.005Modify Authentication ProcessIN FLIGHT

T1213.003Data from Cloud RepositoriesPLANNED

S3

Storage 8 / 14

T1530Data from Cloud StorageSHIPPED

T1567.002Exfiltration to Cloud StorageSHIPPED

T1485Data DestructionSHIPPED

T1119Automated CollectionSHIPPED

T1136.003Create Cloud AccountIN FLIGHT

KMS

Key Management 5 / 11

T1486Data Encrypted for ImpactSHIPPED

T1578Modify Cloud Compute InfrastructureIN FLIGHT

T1098Account Manipulation (KMS Policy)IN FLIGHT

T1027Obfuscated Files (KMS encryption)PLANNED

STS

Token Service 8 / 12

T1550.001Application Access TokenSHIPPED

T1078Valid AccountsSHIPPED

T1580Cloud Infrastructure DiscoverySHIPPED

T1199Trusted RelationshipIN FLIGHT

T1622Debugger EvasionPLANNED

Map the matrix against your AWS

Bring your CloudTrail or detection ruleset. We'll run a 30-minute readout, flag the techniques your current rules miss, and hand you a per-cell to-do list.

Book a map readout →