Detect when a user is attempting to retrieve a high number of parameters through CloudTrail's GetParameter event.
This rule sets a baseline for user activity in the GetParameter event and enables detection of potentially anomalous activity when a user attempts to retrieve an anomalous volume of parameters.
An attacker may attempt to enumerate and access AWS Systems Manager to obtain Application Programming Interface (API) keys, database credentials, Identity and Access Management (IAM) permissions, Secure Shell (SSH) keys, certificates, and more. Once obtained, these credentials can be used to perform lateral movement and access restricted information.
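The per-user baseline described above can be reproduced offline over CloudTrail records to see which caller and hour stand out. This is an added example, not Datadog's detection logic; the hourly window, the mean-plus-k-standard-deviations threshold, the floor of 20 calls, and the sample ARNs and events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

def hourly_counts(events):
    """Count SSM GetParameter calls per (caller ARN, hour bucket)."""
    counts = Counter()
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("ssm.amazonaws.com", "GetParameter"):
            continue  # other SSM calls such as PutParameter are out of scope
        # eventTime is ISO 8601 UTC; the first 13 chars are "YYYY-MM-DDTHH"
        counts[(ev["userIdentity"]["arn"], ev["eventTime"][:13])] += 1
    return counts

def find_anomalies(events, current_hour, k=3.0, floor=20):
    """Flag callers whose count in current_hour exceeds their own baseline.

    Assumed baseline: mean + k * stddev of the caller's earlier active hours,
    never lower than `floor` so low-volume callers do not alert on noise.
    """
    counts = hourly_counts(events)
    history = defaultdict(list)
    for (arn, hour), n in counts.items():
        if hour < current_hour:  # ISO hour strings sort chronologically
            history[arn].append(n)
    alerts = []
    for (arn, hour), n in sorted(counts.items()):
        if hour != current_hour:
            continue
        past = history[arn]
        threshold = max(floor, mean(past) + k * pstdev(past)) if past else floor
        if n > threshold:
            alerts.append({"arn": arn, "hour": hour, "count": n, "threshold": round(threshold, 1)})
    return alerts

def make_events(arn, hour, n, name="GetParameter"):
    """Build n constructed CloudTrail-shaped records (sample data, not real logs)."""
    return [{"eventSource": "ssm.amazonaws.com", "eventName": name,
             "eventTime": f"{hour}:{i % 60:02d}:00Z", "userIdentity": {"arn": arn},
             "requestParameters": {"name": f"/example/param-{i}"}} for i in range(n)]

APP = "arn:aws:sts::111122223333:assumed-role/example-app/session-a"  # constructed
CI = "arn:aws:sts::111122223333:assumed-role/example-ci/session-b"    # constructed
SAMPLE = []
for h, app_n, ci_n in [("08", 4, 4), ("09", 5, 4), ("10", 3, 4), ("11", 60, 5)]:
    SAMPLE += make_events(APP, f"2024-05-01T{h}", app_n) + make_events(CI, f"2024-05-01T{h}", ci_n)

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE, "2024-05-01T11"):
        print(alert)
```

Hours in which a caller made no GetParameter calls are not part of its history here, so the baseline reflects active hours only.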
{{@userIdentity.session_name}}
to determine if the specific set of API calls are malicious.{{@userIdentity.session_name}}
.aws-cli
command put-parameter
.