Cloud Storage Enumeration

Cloud Storage Enumeration involves retrieving a list of available cloud storage infrastructure, such as buckets, containers, or objects, within a cloud environment. This activity may be performed for legitimate administrative purposes or malicious reconnaissance by adversaries seeking to identify accessible storage resources.Examples:

AWS S3 Bucket Enumeration: An AWS user lists all buckets using the ListBuckets API call.
Azure Blob Storage Container Enumeration: A user retrieves a list of all containers within a storage account using the Azure Storage SDK or API.
Google Cloud Storage Bucket Enumeration: A Google Cloud user lists all buckets within a project using the storage.buckets.list API.
OpenStack Swift Container Enumeration: A user retrieves a list of containers in OpenStack Swift using the GET method on the storage endpoint.

ID: DC0017

Domains: Enterprise

Version: 2.0

Created: 20 October 2021

Last Modified: 12 November 2025

Log Sources

Name	Channel
AWS:CloudTrail	ListBuckets
AWS:CloudTrail	ListObjectsV2
azure:activity	List Blobs
gcp:storage	storage.objects.list

Detection Strategy

ID	Name	Technique Detected
DET0590	Behavioral Detection of External Website Defacement across Platforms	T1491.002
DET0169	Detection Strategy for Cloud Infrastructure Discovery	T1580
DET0578	Detection Strategy for Cloud Storage Object Discovery	T1619