...
| Expand | ||
|---|---|---|
| ||
Detects AWS API activity by users who are not explicitly authorized from an allow list. Detection of unapproved users interacting with the AWS API can prevent, abuse, fraud, and other malicious operations from being executed. Source table → |
| Expand | ||
|---|---|---|
| ||
Detects actions that update SAML the provider configuration Source table → |
AWS CloudWatch alerts
| Expand | ||
|---|---|---|
| ||
This alert detects actions to get STS session tokens, which can be used to move laterally or escalate privileges in AWS. Source table → |
...