
AWS

Amazon Web Services (AWS) is one of the largest cloud providers, so organizations that run on it need cloud security monitoring to protect themselves.

SciSec’s content contains dozens of AWS detections so your organization can monitor its AWS infrastructure, look for areas of risk, or respond to threats as they emerge. The detections cover the AWS products and services CloudTrail, CloudWatch, and VPC.

The DescribePermissions event retrieves a description about permissions for a specified stack. This could be used by an attacker to collect information for further attacks.

Source table → cloud.aws.cloudtrail

Detects actions that update the SAML provider configuration.

Source table → cloud.aws.cloudtrail

This search provides specific information to detect abnormal access or potential credential hijacking or forgery, especially in federated environments using the SAML protocol inside the perimeter or the cloud provider.

Source table → cloud.aws.cloudtrail

Detects that a permission boundary has been lifted from an IAM user. This action could be used by an attacker to escalate privileges within an AWS account.

Source table → cloud.aws.cloudtrail

The Describe permissions event retrieves a description of permissions for a specified stack. This could be used by an attacker to collect information for further attacks.

Source table → cloud.aws.cloudtrail