Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
10 Minutes |
Deduplication Period |
7 Days |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
An identity has executed a sequence of events which may be related to an IAM recon enumeration.
Attacker's Goals
Gather information about the cloud environment, including IAM users, groups, roles, and policies.
Investigative actions
Verify whether the API calls were made by the identity and check for any additional related calls.