< Back to rules searchAWS Detective Graph deleted
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when a user deletes an Amazon Detective behavior graph.
Strategy
This rule lets you monitor this CloudTrail API call to detect if a user has deleted an Amazon Detective behavior graph:
Triage and response
- Determine if the behavior graph should have been deleted.
- Determine which user ({{@userIdentity.arn}}) in your organization deleted the behavior graph.
- If the user did not make the API call:
- Rotate the credentials.
- Investigate if the same credentials made other unauthorized API calls.
Changelog
- 1 April 2022 - Updated rule and signal message.
- 18 November 2022 - Updated severity.