Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
An unknown account was invited to your AWS organization.
The target account was not seen in your tenant for the last 30 days.
Attacker's Goals
Establish persistent access to the compromised cloud account.
Investigative actions
- Identify the invited account ID and ownership.
- Review additional actions performed by the identity and role.