Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
5 Days |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
An AWS database service master user password was changed.
Attacker's Goals
- Gain access and control of the database.
Investigative actions
- Confirm the identity intended to perform this action.
- Follow further actions done by the identity.
- Check what other changes were made to the AWS Database instance or cluster.
Variations
An AWS Database Service master user password was changed from an unusual countryAn AWS Database Service master user password was changed by a non-DevOps identity