/
AWS
Document toolboxDocument toolbox

AWS

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: Sept 07, 2023 by Former user (Deleted)
6 min read

Amazon Web Services (AWS) is one of the largest cloud providers out there and as such requires organizations to protect themselves with cloud security monitoring.

SciSec’s content contains dozens of AWS detections so your organization can monitor your AWS infrastructure, look for areas of risk, or help respond to threats as they emerge. The detections are for AWS products and services Cloudtrail, Cloudwatch, and VPC.

The DescribePermissions event retrieves a description about permissions for a specified stack. This could be used by an attacker to collect information for further attacks.

Source table → cloud.aws.cloudtrail

Detects actions that update SAML the provider configuration

Source table → cloud.aws.cloudtrail

This search provides specific information to detect abnormal access or potential credential hijack or forgery, specially in federated environments using SAML protocol inside the perimeter or cloud provider

Source table → cloud.aws.cloudtrail

It was detected that a permission boundary has been lifted against an IAM user. This action could be used by an attacker to escalate privileges within an AWS account.

Source table → cloud.aws.cloudtrail

The Describe permissions event retrieves a description of permissions for a specified stack. This could be used by an attacker to collect information for further attacks.

Source table → cloud.aws.cloudtrail

Related content

Investigation list
Investigation list
Devo latest
Read with this
Release 10 - Out-of-the-box alerts
Release 10 - Out-of-the-box alerts
Devo latest
More like this
Firewall detections
Firewall detections
Devo latest
Read with this
AWS Security
AWS Security
Devo v7.10.0
More like this
GCP
GCP
Devo latest
Read with this
Release 13 - Out-of-the-box alerts
Release 13 - Out-of-the-box alerts
Devo latest
More like this