Privilege escalation via Lambda policy

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

Detected usage of AttachUserPolicy/AttachGroupPolicy/AttachRolePolicy on Lambda policy. Attackers could use these operations for privilege escalation. Verify these actions with the user.

Attribute Value
Type Analytic Rule
Solution Amazon Web Services
ID 8e01c41d-bd4c-4bbe-aed5-18592735052d
Severity Medium
Status Available
Kind Scheduled
Tactics PrivilegeEscalation
Techniques T1484
Required Connectors AWS
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
AWSCloudTrail EventName in "PutGroupPolicy,PutRolePolicy,PutUserPolicy" ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Analytic Rules · Back to Amazon Web Services