Detects creation or update of KMS key policies that grant broad encryption permissions to all principals. Overly permissive key policies can be abused for malicious encryption operations and indicate potential account compromise or risky misconfiguration.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Amazon Web Services |
| ID | 60dfc193-0f73-4279-b43c-110ade02b201 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | Impact |
| Techniques | T1486 |
| Required Connectors | AWS |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AWSCloudTrail | EventName in "CreateKey,PutKeyPolicy" | ✓ | ✓ | ✓ |