Synopsis
| | |
|---|---|
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 5 Days |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
A cloud resource was modified by a newly seen IAM user.
Attacker's Goals
Leverage access to manipulate cloud infrastructure.
Investigative actions
- Examine which resources were affected and how.
- Investigate any unusual activity originating from the identity.
Variations
Unusual Kubernetes resource modification by newly seen IAM user
Unusual IAM resource modification by newly seen IAM user
Unusual resource modification by newly seen IAM user from an uncommon IP