Snapshot Creation (3da222e6-53f3-451c-a239-0b405c009432)

The process of taking a point-in-time copy of a cloud storage volume (files, settings, configurations, etc.), virtual machine (VM), or database that can be created and deployed in cloud environments.

Data Collection Measures:

  • Cloud Platform Logs (IaaS)
    • AWS CloudTrail Logs: Monitor API calls related to snapshot creation (CreateSnapshot).
    • Azure Monitor Logs: Track snapshot creation (Microsoft.Compute/snapshots/write).
    • Google Cloud Logging: Detect compute.disks.createSnapshot.
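
One way to apply the three log sources above in a single pass, as an added example that is not part of the original page: it scans JSON log lines for the listed operations and returns provider, logged operation and actor. The field paths (`eventName`, `operationName`, `protoPayload.methodName` and the actor fields) are assumed export shapes, the sample records are constructed, and the matching assumes an export may change letter case or add a dotted version prefix.

```python
import json

# Operation names are the ones listed above; field paths are assumed export shapes.
RULES = [
    # (provider, operation field, operation, actor field)
    ("aws", "eventName", "CreateSnapshot", "userIdentity.arn"),
    ("azure", "operationName", "Microsoft.Compute/snapshots/write", "caller"),
    ("gcp", "protoPayload.methodName", "compute.disks.createSnapshot",
     "protoPayload.authenticationInfo.principalEmail"),
]

def _get(record, path):
    """Follow a dotted path through nested dicts; None if any step is missing."""
    for key in path.split("."):
        record = record.get(key) if isinstance(record, dict) else None
    return record

def classify(record):
    """Return a normalized hit for a snapshot-creation record, else None."""
    for provider, op_field, operation, actor_field in RULES:
        logged = _get(record, op_field)
        if not isinstance(logged, str):
            continue
        want, got = operation.lower(), logged.lower()
        # Compare case-insensitively and allow a dotted prefix such as an API version.
        if got == want or got.endswith("." + want):
            return {"provider": provider, "operation": logged,
                    "actor": _get(record, actor_field)}
    return None

def find_snapshot_events(lines):
    """Parse JSON lines, skip unparseable ones, and collect snapshot-creation hits."""
    hits = []
    for line in lines:
        try:
            hit = classify(json.loads(line))
        except json.JSONDecodeError:
            continue
        if hit:
            hits.append(hit)
    return hits

# Constructed sample records (not real log data).
SAMPLE = [
    '{"eventSource":"ec2.amazonaws.com","eventName":"CreateSnapshot","userIdentity":{"arn":"arn:aws:iam::111122223333:user/example"}}',
    '{"eventSource":"ec2.amazonaws.com","eventName":"DescribeSnapshots","userIdentity":{"arn":"arn:aws:iam::111122223333:user/example"}}',
    '{"operationName":"MICROSOFT.COMPUTE/SNAPSHOTS/WRITE","caller":"user@example.com"}',
    '{"protoPayload":{"methodName":"v1.compute.disks.createSnapshot","authenticationInfo":{"principalEmail":"sa@example.iam.gserviceaccount.com"}}}',
    '{"truncated":',
]

if __name__ == "__main__":
    for hit in find_snapshot_events(SAMPLE):
        print(hit)
```
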

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Snapshot Creation (3da222e6-53f3-451c-a239-0b405c009432) | mitre-data-component | Create Snapshot - T1578.001 (ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1) | Attack Pattern | 1 |
| Snapshot Creation (3da222e6-53f3-451c-a239-0b405c009432) | mitre-data-component | Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90) | Attack Pattern | 1 |
| Snapshot Creation (3da222e6-53f3-451c-a239-0b405c009432) | mitre-data-component | Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6) | Attack Pattern | 1 |
| Create Snapshot - T1578.001 (ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1) | Attack Pattern | Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90) | Attack Pattern | 2 |