Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
'An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance start. Identifies when existing role is removed and new/existing high privileged role is added to instance profile. Any instance with this instance profile attached is able to perform privileged operations. AWS Instance Profile: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html and CloudGoat - IAM PrivilegeEscalati
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Amazon Web Services |
| ID | e1a91db8-f2b3-4531-bff6-da133d4f4f1a |
| Tactics | PrivilegeEscalation |
| Techniques | T1098 |
| Required Connectors | AWS, AWSS3 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
AWSCloudTrail |
EventName in "AddRoleToInstanceProfile,RemoveRoleFromInstanceProfile" |
✓ | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊