Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
1 Hour |
Deduplication Period |
6 Days |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
An identity dumped multiple secrets from the project, considerably more than usual.
This may indicate an attacker's attempt to dump sensitive information from the cloud environment.
Attacker's Goals
Collect secrets from the cloud environment.
Investigative actions
- Check the accessed secrets' designation.
- Verify that the identity did not dump any sensitive information that it shouldn't.