< Back to rules searchAWS CMK deleted or scheduled for deletion
Set up the cloudtrail integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Overview
Goal
Detect when a CMK is deleted or scheduled for deletion.
Strategy
This rule lets you monitor these CloudTrail API calls to detect if an attacker is deleting CMKs:
Triage & Response
- Determine which user in your organization owns the API key that made this API call.
- Contact the user to see if they intended to make this API call.
- If the user did not make the API call:
- Rotate the credentials.
- Investigate if the same credentials made other unauthorized API calls.