...
| Expand | ||
|---|---|---|
| ||
An AWS console successfully without MFA login was detected. AWS security best practices are recommended to enable this security measure for console access login. Source table → |
| Expand | ||
|---|---|---|
| ||
This search looks for AWS CloudTrail events where a user, who already has permission to create access keys, makes an API call to create access keys for a second user. Source table → |
AWS CloudWatch alerts
| Expand | ||
|---|---|---|
| ||
This alert detects actions to get STS session tokens, which can be used to move laterally or escalate privileges in AWS. Source table → |
...