Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 1 Day
Required Data |
Detection Modules | Cloud
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
An unusual command that may be related to IAM reconnaissance enumeration was executed by a non-user identity.
Attacker's Goals
Gain information about the cloud environment, specifically IAM information such as users, groups, roles, and policies.
Investigative actions
Check if the API call was made by the identity.
Check if there are additional unusual API calls from the identity.
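
The second investigative action, sketched as an added example (not the vendor's detector logic or code from this page): it lists the calls an identity made in the day before the alert that are absent from its previous 30 days. It assumes AWS CloudTrail-style field names, treats the listed identity types as "non-user", reuses the 30-day and 1-day periods from the synopsis as look-back windows, and runs on constructed sample events.

```python
from datetime import datetime, timedelta

BASELINE = timedelta(days=30)  # assumption: reuse the page's 30-day training period
WINDOW = timedelta(days=1)     # assumption: reuse the page's 1-day deduplication period
NON_USER_TYPES = {"AssumedRole", "Role", "AWSService"}  # assumption: "non-user" identities

def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def is_iam_enumeration(source, name):
    """Read-only IAM call (List*/Get*) that reveals users, groups, roles or policies."""
    return source == "iam.amazonaws.com" and name.startswith(("List", "Get"))

def unusual_calls(events, arn, alert_time):
    """Calls `arn` made in the day up to alert_time that are absent from its prior 30 days."""
    seen_before, recent = set(), {}
    for e in events:
        ident = e["userIdentity"]
        if ident["arn"] != arn or ident["type"] not in NON_USER_TYPES:
            continue
        call, t = (e["eventSource"], e["eventName"]), ts(e["eventTime"])
        if alert_time - WINDOW < t <= alert_time:
            r = recent.setdefault(call, {"count": 0, "ips": set()})
            r["count"] += 1
            r["ips"].add(e["sourceIPAddress"])
        elif alert_time - WINDOW - BASELINE < t <= alert_time - WINDOW:
            seen_before.add(call)
    return {c: dict(v, iam_enum=is_iam_enumeration(*c))
            for c, v in recent.items() if c not in seen_before}

def ev(time, source, name, arn, ip, kind="AssumedRole"):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"type": kind, "arn": arn}}

# Constructed sample events (not real logs); account ID, role name and IPs are made up.
ROLE = "arn:aws:sts::111122223333:assumed-role/ci-deploy/build"
EVENTS = [
    ev("2024-05-02T08:00:00Z", "s3.amazonaws.com", "PutObject", ROLE, "198.51.100.7"),
    ev("2024-05-20T08:00:00Z", "sts.amazonaws.com", "GetCallerIdentity", ROLE, "198.51.100.7"),
    ev("2024-05-30T08:05:00Z", "s3.amazonaws.com", "PutObject", ROLE, "198.51.100.7"),
    ev("2024-05-30T09:10:00Z", "iam.amazonaws.com", "ListUsers", ROLE, "203.0.113.9"),
    ev("2024-05-30T09:10:05Z", "iam.amazonaws.com", "ListRoles", ROLE, "203.0.113.9"),
    ev("2024-05-30T09:10:09Z", "iam.amazonaws.com", "ListRoles", ROLE, "203.0.113.9"),
    ev("2024-05-30T09:11:00Z", "iam.amazonaws.com", "ListUsers",
       "arn:aws:iam::111122223333:user/alice", "198.51.100.20", kind="IAMUser"),
]

if __name__ == "__main__":
    for call, info in unusual_calls(EVENTS, ROLE, ts("2024-05-30T10:00:00Z")).items():
        print(call, info["count"], sorted(info["ips"]), "IAM enumeration" if info["iam_enum"] else "")
```

The per-call source addresses support the first investigative action: new calls arriving from an address the identity does not normally use are worth raising with the workload's owner.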