< Back to rules searchAWS Detective Graph deleted
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Goal
Detect when a user deletes an Amazon Detective behavior graph.
Strategy
This rule lets you monitor this CloudTrail API call to detect if a user has deleted an Amazon Detective behavior graph:
Triage and response
- Determine if the behavior graph should have been deleted.
- Determine which user ({{@userIdentity.arn}}) in your organization deleted the behavior graph.
- If the user did not make the API call:
- Rotate the credentials.
- Investigate if the same credentials made other unauthorized API calls.
Changelog
- 1 April 2022 - Updated rule and signal message.
- 18 November 2022 - Updated severity.