...
| Expand | ||
|---|---|---|
| ||
Detects any actions observed that create, import, or delete access keys to EC2. Source table → |
| Expand | ||
|---|---|---|
| ||
Detects the scheduled deletion of KMS keys. Source table → |
AWS CloudWatch alerts
| Expand | ||
|---|---|---|
| ||
This alert detects actions to get STS session tokens, which can be used to move laterally or escalate privileges in AWS. Source table → |
...