Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | 30 Minutes
Deduplication Period | 1 Day
Required Data |
Detection Modules | Cloud
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Medium
Description
A cloud identity performed multiple unusual activities leading to code execution using the AWS Systems Manager service.
Attacker's Goals
Gaining unauthorized access, executing unauthorized commands or compromising sensitive information within the target system.
Investigative actions
- Investigate the activities related to the suspected identity.
- Examine the code executed on the target instance(s).
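
One way to start both investigative actions from audit logs, as an added example that is not part of the original page or the vendor's detector: it filters CloudTrail-style records for Systems Manager calls that can run code, scoped to the suspected identity. Assumptions: CloudTrail is the log source, the ARNs, instance IDs and command IDs are constructed sample values, and `ssm_executions` is a hypothetical helper name.

```python
import json

# SSM API actions that can run code on managed instances.
EXEC_EVENTS = {"SendCommand", "StartSession", "StartAutomationExecution"}

# Constructed CloudTrail records for illustration (not real data).
SAMPLE_TRAIL = json.loads("""
[
 {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "DescribeInstanceInformation",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
  "requestParameters": null, "responseElements": null},
 {"eventTime": "2024-01-01T10:02:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "SendCommand",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
  "requestParameters": {"documentName": "AWS-RunShellScript",
                        "instanceIds": ["i-0aaaaaaaaaaaaaaaa"],
                        "parameters": "HIDDEN_DUE_TO_SECURITY_REASONS"},
  "responseElements": {"command": {"commandId": "11111111-2222-3333-4444-555555555555"}}},
 {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "StartSession", "errorCode": "AccessDenied",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
  "requestParameters": {"target": "i-0bbbbbbbbbbbbbbbb"}, "responseElements": null},
 {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "SendCommand",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:role/other-role"},
  "requestParameters": {"documentName": "AWS-RunShellScript", "instanceIds": ["i-0cccccccccccccccc"]},
  "responseElements": {"command": {"commandId": "66666666-7777-8888-9999-000000000000"}}}
]
""")

def ssm_executions(records, identity_arn):
    """List SSM execution calls made by one identity, oldest first."""
    rows = []
    for rec in records:
        if (rec.get("eventSource") != "ssm.amazonaws.com"
                or rec.get("eventName") not in EXEC_EVENTS
                or (rec.get("userIdentity") or {}).get("arn") != identity_arn):
            continue
        req = rec.get("requestParameters") or {}   # null for some calls
        resp = rec.get("responseElements") or {}   # null on failed calls
        targets = req.get("instanceIds") or [t for t in [req.get("target")] if t]
        rows.append({
            "time": rec["eventTime"], "action": rec["eventName"],
            "document": req.get("documentName"), "targets": targets,
            "command_id": (resp.get("command") or {}).get("commandId"),
            "succeeded": "errorCode" not in rec,
        })
    return sorted(rows, key=lambda r: r["time"])
```

In the constructed sample the command text is redacted in the audit record, so `command_id` and `targets` are the values to carry forward when examining what actually ran on the instance.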