- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Detect when an AWS Lambda function resource-based policy is modified by an IAM user. An attacker might modify an AWS Lambda function’s resource-based policy in order to maintain persistence or allow its invocation from an external account.
This rule lets you monitor the AddPermission
CloudTrail API call to detect when an AWS Lambda Function’s resource-based policy is modified.
{{@userIdentity.arn}}
is expected to update the Lambda function within the @requestParameters.functionName
attribute.{{@responseElements.statement}}
attribute for policy modification details.{{@userIdentity.arn}}
and see if they made the API call.{{@userIdentity.arn}}
has taken other actions.{{@network.client.ip}}
.