Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | 1 Hour
Deduplication Period | 1 Day
Required Data |
Detection Modules | Cloud
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Medium
Description
A cloud identity performed multiple unusual activities across various cloud services.
Attacker's Goals
Adversaries may manipulate accounts to pivot to their next point in the environment, and eventually to access or manipulate data.
Investigative actions
- Check if the identity intended to perform this action, or look for signs that the user account is compromised (e.g. abnormal logins, unusual activity).