Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | 1 Hour |
| Deduplication Period | 5 Days |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | Credentials from Password Stores: Cloud Secrets Management Stores (T1555.006) |
| Severity | Low |
Description
An identity successfully dumped multiple secrets from the project.
This may indicate an attacker's attempt to dump sensitive information from the cloud environment.
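A minimal sketch of how a detector of this kind could apply the synopsis periods to secret-read audit events, added here as an example and not the vendor's detection logic. The threshold of five secrets, the event tuple layout, the reading of the activation period, and all identity, project and secret names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Periods from the synopsis. MIN_SECRETS and the reading of "activation"
# (no alerts until this much data has been observed) are assumptions.
ACTIVATION, TRAINING = timedelta(days=14), timedelta(days=30)
TEST, DEDUP = timedelta(hours=1), timedelta(days=5)
MIN_SECRETS = 5

def detect(events):
    """events: time-sorted (ts, identity, project, secret) successful reads.
    Returns [(ts, identity, project, new_secret_count)]."""
    history = defaultdict(list)   # (identity, project) -> [(ts, secret)]
    last_alert, alerts = {}, []
    start = events[0][0] if events else None
    for ts, identity, project, secret in events:
        key = (identity, project)
        # Keep only reads inside the training period, then add this one.
        seen = [(t, s) for t, s in history[key] if ts - t <= TRAINING]
        seen.append((ts, secret))
        history[key] = seen
        window = {s for t, s in seen if ts - t < TEST}
        baseline = {s for t, s in seen if ts - t >= TEST}
        new = window - baseline   # secrets this identity has not read before
        if ts - start < ACTIVATION or len(new) < MIN_SECRETS:
            continue
        if key in last_alert and ts - last_alert[key] < DEDUP:
            continue              # same identity/project already reported
        last_alert[key] = ts
        alerts.append((ts, identity, project, len(new)))
    return alerts

def sample_events():
    """Constructed audit events: a daily rotation job plus one bulk reader."""
    t0, ev = datetime(2024, 1, 1, 2, 0), []
    for day in range(25):
        for i in range(6):  # routine: same six secrets every day
            ev.append((t0 + timedelta(days=day, seconds=i), "svc-rotator", "proj-a", f"db-{i}"))
    for day, prefix in ((20, "api"), (22, "tls")):  # two bursts, two days apart
        for i in range(8):
            ev.append((t0 + timedelta(days=day, hours=9, minutes=i), "dev-user", "proj-a", f"{prefix}-{i}"))
    return sorted(ev)

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

On the constructed data the rotation job never alerts because its secrets are already in its baseline, and the second burst from the same identity is suppressed by the deduplication period.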
Attacker's Goals
Collect secrets from the cloud environment.
Investigative actions
- Check the accessed secrets' designation.
- Verify that the identity did not dump any sensitive information that it shouldn't.
Variations
- An identity successfully extracted multiple secrets within the organization across multiple regions
- An unusual identity successfully extracted multiple secrets within the organization