Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
1 Hour |
Deduplication Period |
5 Days |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
An identity performed actions from multiple countries in a short period of time, which is most unlikely.
This may indicate the identity is compromised.
Attacker's Goals
Obtain and abuse credentials of cloud accounts.
Investigative actions
Check whether the credentials of the identity have been compromised.
Variations
Impossible travel by a cloud compute function identityImpossible travel by a suspicious cloud identity
Impossible travel by a cloud compute identity
Impossible travel by an unusual cloud identity