AWS Security Hub - Detect IAM Policies allowing full administrative privileges

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query detects AWS IAM policies that allow full administrative ("*") privileges in violation of AWS Security Hub control IAM.1. Overly permissive policies increase the risk of privilege escalation and unauthorized access.

Attribute	Value
Type	Analytic Rule
Solution	AWS Security Hub
ID	de1f71d2-d127-439d-a8a2-e64d3187298a
Severity	High
Status	Available
Kind	Scheduled
Tactics	Persistence, PrivilegeEscalation
Techniques	T1098.003, T1078.001
Required Connectors	AWSSecurityHub
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
AWSSecurityHubFindings	✓	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to AWS Security Hub