Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | 10 Minutes |
| Deduplication Period | 7 Days |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
An identity has executed a sequence of events that may be related to IAM reconnaissance enumeration.
Attacker's Goals
Gain information about the cloud environment, specifically IAM information such as users, groups, roles, and policies.
Investigative actions
Check if the API calls were made by the identity.
Check if there are additional calls executed by the identity.
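The following is an added example, not the product's own detection logic: a sketch of how both investigative actions could be run over exported audit logs. It assumes AWS CloudTrail field names (`eventSource`, `eventName`, `userIdentity.arn`); the threshold of four distinct calls, the `List`/`Get` prefix rule, and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # mirrors the 10-minute Test Period above
MIN_DISTINCT = 4                 # assumed threshold, not the product's value
ENUM_PREFIXES = ("List", "Get")  # assumed: read-only IAM calls count as enumeration
IAM = "iam.amazonaws.com"

def _ev(t, src, name, arn):
    return {"eventTime": t, "eventSource": src, "eventName": name, "userIdentity": {"arn": arn}}

# Constructed CloudTrail-style records, not real log data.
A = "arn:aws:iam::111122223333:user/ci-deploy"
B = "arn:aws:iam::111122223333:user/alice"
SAMPLE_EVENTS = [
    _ev("2024-01-01T10:00:05Z", IAM, "ListUsers", A),
    _ev("2024-01-01T10:01:10Z", IAM, "ListGroups", A),
    _ev("2024-01-01T10:02:30Z", IAM, "ListRoles", A),
    _ev("2024-01-01T10:03:45Z", IAM, "ListPolicies", A),
    _ev("2024-01-01T10:05:00Z", "s3.amazonaws.com", "ListBuckets", A),
    _ev("2024-01-01T09:00:00Z", IAM, "ListUsers", B),   # B makes the same kinds
    _ev("2024-01-01T09:30:00Z", IAM, "ListRoles", B),   # of calls, but spread
    _ev("2024-01-01T11:00:00Z", IAM, "GetUser", B),     # over three hours
    _ev("2024-01-01T12:00:00Z", IAM, "ListPolicies", B),
]

def is_iam_enum(e):
    return e["eventSource"] == IAM and e["eventName"].startswith(ENUM_PREFIXES)

def find_iam_enumeration(events, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Return {identity ARN: distinct IAM read calls seen inside one window}."""
    by_identity = defaultdict(list)
    for e in filter(is_iam_enum, events):
        ts = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        by_identity[e["userIdentity"]["arn"]].append((ts, e["eventName"]))
    findings = {}
    for arn, calls in by_identity.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window:
                start += 1  # slide the window's left edge forward
            names = {name for _, name in calls[start:end + 1]}
            if len(names) >= min_distinct:
                findings[arn] = sorted(names)
                break
    return findings

def other_calls(events, arn):
    """Investigative step: what else did the flagged identity call?"""
    return [e["eventName"] for e in events
            if e["userIdentity"]["arn"] == arn and not is_iam_enum(e)]
```

Identity B issues four distinct IAM read calls as well, but never within one 10-minute window, so only identity A is reported.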