< Back to rules searchAWS IAM user making API requests with hacking tools
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Overview
Goal
Detect when an AWS IAM user makes API requests with hacking tools.
Strategy
This rule lets you monitor these GuardDuty integration findings:
Triage & Response
- Determine which user triggered the signal. This can be found in the signal.
- Determine if the user’s credentials are compromised.
- If the user’s credentials are compromised:
- Review the AWS documentation on remediating compromised AWS credentials.