<  Back to rules search

AWS Root credential activity

guardduty

Classification:

compliance

Framework:

cis-aws

Control:

cis-1.1

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect when the AWS root user credentials are used.

Strategy

This rule lets you monitor this GuardDuty integration finding:

Triage and response

  1. Determine whether the root account activity was legitimate.
  • Review the sample for context.
  • Review CloudTrail logs for a full investigation.
  1. If the root user’s credentials are compromised:
  • Review the AWS documentation on remediating compromised AWS credentials.

Root Account Best Practices