Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Detects creation of inline IAM policies that grant broad DynamoDB create, read, update, and delete permissions. Attackers may use this access expansion to manipulate data stores and escalate influence across cloud workloads.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Amazon Web Services |
| ID | b9be2aa6-911d-4131-8658-d2a537ed49f4 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | PrivilegeEscalation |
| Techniques | T1098.003 |
| Required Connectors | AWS |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
AWSCloudTrail |
EventName in "PutGroupPolicy,PutRolePolicy,PutUserPolicy" |
✓ | ✓ | ✓ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊