ATT&CK v18 has been released! Check out the blog post or changelog for more information.

Snapshot Modification

Changes made to a cloud snapshot's metadata, attributes, or control settings. These modifications may involve adjusting access permissions, changing retention policies, or altering encryption settings.

Data Collection Measures:

AWS CloudTrail
- Tracks API calls such as ModifySnapshotAttribute, ResetSnapshotAttribute, and ModifySnapshotTier.
Azure Monitor Logs
- Logs changes via Microsoft.Compute/snapshots/write.
Google Cloud Logging
- Captures modifications through compute.snapshots.setIamPolicy and compute.snapshots.patch.

ID: DC0058

Domains: Enterprise

Version: 2.0

Created: 20 October 2021

Last Modified: 21 October 2025

Log Sources

Name	Channel
AWS:CloudTrail	ModifySnapshotAttribute

Detection Strategy

ID	Name	Technique Detected
DET0573	Cross-Platform Detection of Data Transfer to Cloud Account	T1537
DET0308	Detection Strategy for Modify Cloud Compute Infrastructure	T1578