Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
The following detection identifies excessive AccessDenied events within an hour timeframe. It is possible that an access key to AWS may have been stolen and is being misused to perform discovery events.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Amazon Web Services |
| ID | 7e258a45-b356-44f6-9a62-2643cef7b869 |
| Severity | Medium |
| Tactics | Discovery |
| Techniques | T1087 |
| Required Connectors | AWS |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AWSCloudTrail |
✓ | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊