Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 5 Days |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
A non-user identity executed an unusual command that may be related to IAM recon enumeration.
Attacker's Goals
Collect information on the cloud environment, including IAM users, groups, roles, and policies.
Investigative actions
Check if the API call was made by the identity.
Check if there are additional unusual API calls from the identity.
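To follow up on these checks in your own logs, the sketch below applies the synopsis values (30-day training period, 5-day deduplication period) to a list of API events. It is an added example, not the product's detection logic. The AWS IAM operation names, the CloudTrail identity types, the event tuple layout and the sample events are all assumptions.

```python
from datetime import datetime, timedelta

TRAINING = timedelta(days=30)  # Training Period from the synopsis
DEDUP = timedelta(days=5)      # Deduplication Period from the synopsis
# Assumption: AWS IAM list operations stand in for "IAM recon enumeration".
RECON_OPS = {"ListUsers", "ListGroups", "ListRoles", "ListPolicies"}
# Assumption: CloudTrail userIdentity types treated as non-user identities.
NON_USER_TYPES = {"AssumedRole", "AWSService"}

def detect(events):
    """events: (timestamp, identity, identity_type, operation) tuples."""
    first_seen, last_call, last_alert, alerts = {}, {}, {}, []
    for ts, identity, id_type, op in sorted(events):
        first_seen.setdefault(identity, ts)
        if op in RECON_OPS and id_type in NON_USER_TYPES:
            prev = last_call.get((identity, op))
            # Only judge identities with a full training window of history.
            trained = ts - first_seen[identity] >= TRAINING
            # Unusual: this identity has not made this call in the window.
            unusual = prev is None or ts - prev > TRAINING
            # Suppress repeat alerts for the same identity within DEDUP.
            recent = last_alert.get(identity)
            deduped = recent is not None and ts - recent < DEDUP
            if trained and unusual and not deduped:
                alerts.append((ts, identity, op))
                last_alert[identity] = ts
        last_call[(identity, op)] = ts
    return alerts

def d(day):
    return datetime.fromisoformat(day)

# Constructed sample events, not taken from any real log.
SAMPLE = [
    (d("2024-01-01"), "ci-role", "AssumedRole", "PutObject"),
    (d("2024-01-20"), "ci-role", "AssumedRole", "GetObject"),
    (d("2024-02-05"), "ci-role", "AssumedRole", "ListUsers"),     # alert
    (d("2024-02-06"), "ci-role", "AssumedRole", "ListRoles"),     # deduplicated
    (d("2024-02-12"), "ci-role", "AssumedRole", "ListPolicies"),  # alert
    (d("2024-01-02"), "audit-role", "AssumedRole", "ListUsers"),  # baseline
    (d("2024-01-15"), "audit-role", "AssumedRole", "ListUsers"),
    (d("2024-02-04"), "audit-role", "AssumedRole", "ListUsers"),  # routine
    (d("2024-02-05"), "new-role", "AssumedRole", "ListRoles"),    # untrained
    (d("2024-01-01"), "alice", "IAMUser", "GetUser"),
    (d("2024-02-05"), "alice", "IAMUser", "ListUsers"),           # human user
]

if __name__ == "__main__":
    for ts, identity, op in detect(SAMPLE):
        print(ts.date(), identity, op)
```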