Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A cloud identity set the specified version of an AWS IAM policy as the policy's default.
Attacker's Goals
Add additional cloud roles or permissions to maintain persistent access or escalate permissions.
Investigative actions
- Investigate any unusual activity originating from the suspected identity.