Privilege escalation via EC2 policy

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

Detected usage of AttachUserPolicy/AttachGroupPolicy/AttachRolePolicy on EC2 policy. Attackers could use these operations for privilege escalation. Verify these actions with the user.

Attribute Value
Type Analytic Rule
Solution Amazon Web Services
ID a2b2a984-c820-4d93-830e-139bffd81fa3
Severity Medium
Status Available
Kind Scheduled
Tactics PrivilegeEscalation
Techniques T1484
Required Connectors AWS
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
AWSCloudTrail EventName in "PutGroupPolicy,PutRolePolicy,PutUserPolicy" ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Analytic Rules · Back to Amazon Web Services