...

Code Block
/*
Traffic on port 80 is typically unencrypted 
HTTP connections, which could be intercepted
by a threat that has access to the VPC.
*/
from cloud.aws.vpc.flow
where eq(dstport,"80")
group by dstaddr, action

...

Interface disabled

Code Block
/* 
Yesterday, an unauthorized entity turned off some interfaces
within the private cloud, disabling services.
Determine which interfaces need to be reenabled.
*/

from cloud.aws.vpc.flow
group by interface_id select max(end_date) as last_seen
where last_seen > today()-1d and last_seen < today() // yesterday

TODO: https://www.devogov.us/#/loxcope?uuid=d3ddf02d-9757-49b1-922d-1bfe720b2869
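The same "last seen yesterday" check run directly over raw VPC flow log records, as an added example that is not part of the original page. It assumes the default version 2 field order and UTC day boundaries; the sample records, ENI IDs, account ID and addresses are constructed.

```python
from datetime import datetime, timedelta, timezone

# Default (version 2) VPC flow log field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


def last_seen_by_interface(lines):
    """Mirror of: group by interface_id select max(end) as last_seen."""
    last_seen = {}
    for line in lines:
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # header, truncated or custom-format record
        rec = dict(zip(FIELDS, parts))
        try:
            end = int(rec["end"])
        except ValueError:
            continue
        eni = rec["interface_id"]
        last_seen[eni] = max(end, last_seen.get(eni, 0))
    return last_seen


def silent_since_yesterday(lines, now):
    """Interfaces whose newest record ended yesterday (UTC) and not today."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    lo, hi = (midnight - timedelta(days=1)).timestamp(), midnight.timestamp()
    seen = last_seen_by_interface(lines)
    return sorted(eni for eni, ts in seen.items() if lo < ts < hi)


def _line(eni, end):
    # Constructed sample record: made-up account, ENI and documentation IPs.
    e = int(end.timestamp())
    return f"2 123456789012 {eni} 192.0.2.10 198.51.100.7 49152 80 6 10 840 {e - 60} {e} ACCEPT OK"


NOW = datetime(2024, 5, 15, 9, 0, tzinfo=timezone.utc)  # constructed clock
SAMPLE = [
    _line("eni-0aaa", NOW - timedelta(days=1, hours=3)),  # yesterday only: flagged
    _line("eni-0bbb", NOW - timedelta(days=1, hours=5)),  # yesterday ...
    _line("eni-0bbb", NOW - timedelta(hours=1)),          # ... and today: still up
    _line("eni-0ccc", NOW - timedelta(days=2, hours=2)),  # gone before yesterday
    "version account-id interface-id",                    # malformed, skipped
]

if __name__ == "__main__":
    print(silent_since_yesterday(SAMPLE, NOW))
```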

Malicious source IP accepted

...