021d1ded-1c82-4663-bf5d-d6ed5170efa3.md

File metadata and controls

32 lines (25 loc) · 1.66 KB

Products: Amazon AWS - VpcFlowLogs

Rules

| Rule ID | Rule Name |
| --- | --- |
| MATCH-S00553 | Allowed Inbound RDP Traffic |
| THRESHOLD-S00003 | Amazon VPC - Network Scan |
| THRESHOLD-S00004 | Amazon VPC - Port Scan |
| THRESHOLD-S00074 | Excessive Firewall Denies |
| THRESHOLD-S00085 | Excessive Outbound Firewall Blocks |
| MATCH-S00454 | Firewall Allowed SMB Traffic |
| FIRST-S00030 | First Seen Outbound Connection to External IP Address on Port 445 from IP Address |
| FIRST-S00025 | First Seen SMB Allowed Traffic From IP |
| THRESHOLD-S00079 | Inbound Port Scan |
| MATCH-S00554 | Outbound IRC Traffic |
| THRESHOLD-S00048 | Outbound Traffic to Countries Outside the United States |
| MATCH-S00558 | Potential Inbound VNC Traffic |
| MATCH-S00502 | RDP Traffic to Unexpected Host |
| MATCH-S00560 | SMTP Traffic from Non-SMTP Servers |
| MATCH-S00555 | Threat Intel - Inbound Traffic Context |
| LEGACY-S00107 | Threat Intel Match - IP Address |

Log Mappers

| Log Mapper ID | Log Mapper Name |
| --- | --- |
| 63a6eb64-cb0f-49c3-9155-b54b0bd62d46 | AWS VPC Flow Logs - Default Format |
| edc80da0-7594-413c-9b55-3f1c1bad3acf | AWS VPC Flow Logs - JSON Format |