Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 5 Days |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
A cloud identity attempted to impersonate another identity for the first time.
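A generic first-seen check over constructed events, added here as an illustration and not the product's own detection logic. It assumes the baseline is kept per (acting identity, impersonated identity) pair, that deduplication is per acting identity, and that the three periods from the synopsis behave as the code comments describe; the event fields and identity names are constructed.

```python
from datetime import datetime, timedelta

ACTIVATION = timedelta(days=14)  # page value; assumed: warm-up before any alert fires
TRAINING = timedelta(days=30)    # page value; assumed: look-back window for the baseline
DEDUP = timedelta(days=5)        # page value; assumed: per-identity alert suppression

# Constructed sample events: (time, acting identity, impersonated identity, outcome)
EVENTS = [
    ("2024-03-01T09:00:00", "svc-build", "role-deploy", "success"),  # warm-up
    ("2024-03-20T09:00:00", "svc-build", "role-deploy", "success"),  # in baseline
    ("2024-04-02T11:00:00", "alice", "role-admin", "failure"),       # new pair: alert
    ("2024-04-03T11:05:00", "alice", "role-audit", "success"),       # new pair, deduplicated
    ("2024-04-10T08:00:00", "svc-build", "role-deploy", "success"),  # in baseline
    ("2024-05-15T10:00:00", "svc-build", "role-deploy", "success"),  # baseline aged out: alert
]

def first_time_impersonations(events):
    """Return alerts for (actor, target) pairs not seen in the training window."""
    events = sorted(events)  # ISO-8601 strings sort chronologically
    if not events:
        return []
    start = datetime.fromisoformat(events[0][0])
    last_seen = {}   # (actor, target) -> time of latest attempt
    last_alert = {}  # actor -> time of latest alert
    alerts = []
    for ts, actor, target, outcome in events:
        when = datetime.fromisoformat(ts)
        prev = last_seen.get((actor, target))
        last_seen[(actor, target)] = when  # failed attempts count as attempts too
        if when - start < ACTIVATION:
            continue  # still warming up, only learning
        if prev is not None and when - prev <= TRAINING:
            continue  # pair is already part of the baseline
        if actor in last_alert and when - last_alert[actor] < DEDUP:
            continue  # this identity alerted recently
        last_alert[actor] = when
        alerts.append({"time": ts, "actor": actor, "target": target, "outcome": outcome})
    return alerts

if __name__ == "__main__":
    for alert in first_time_impersonations(EVENTS):
        print(alert)
```

The `outcome` field on each alert separates attempts that succeeded from those that failed, which is the starting point for checking what the identity did on behalf of the impersonated one.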
Attacker's Goals
- Escalate privileges and bypass access controls.
- Avoid detection throughout their compromise.
Investigative actions
- Check the identity's designation.
- Verify that the identity did not perform any sensitive operation on behalf of the impersonated identity.
Variations
- Unusual cloud identity impersonation by an identity with high administrative activity
- Suspicious cloud identity impersonation was succeeded
- Suspicious cloud identity impersonation was failed