This detection correlates AWS GuardDuty Credential Access alerts related to Amazon Relational Database Service (RDS) activity with Azure portal sign-in activities. It identifies successful and failed logins, anomalous behavior, and malicious IP access. By joining these datasets on network entities and IP addresses, it detects unauthorized credential access attempts across AWS and Azure resources, enhancing cross-cloud security monitoring.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Multi Cloud Attack Coverage Essentials - Resource Abuse |
| ID | 122fbc6a-57ab-4aa7-b9a9-51ac4970cac1 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | CredentialAccess, InitialAccess |
| Techniques | T1557, T1110, T1110.003, T1110.004, T1606, T1556, T1133 |
| Required Connectors | AzureActiveDirectory, AWSS3 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| AWSGuardDuty | ✓ | ✓ | ? |
| SigninLogs | ✓ | ✗ | ? |