Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
30 Minutes |
Deduplication Period |
5 Days |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
An internal identity performed an operation on multiple regions, considerably more than usual.
This may indicate an attacker's attempt to identify all available resources in the cloud environment.
Attacker's Goals
- Discover cloud resources that are available within the environment and leverage them to perform additional attacks against the organization.
- Detect unused geographic regions and leverage them to evade detection of malicious operations.
Investigative actions
- Check the identity designation.
- Verify that the identity did not perform any operation in a region that it shouldn't.