AWS Createloginprofile

AWS Createloginprofile

Description

This search looks for AWS CloudTrail events where a user A(victim A) creates a login profile for user B, followed by a AWS Console login event from user B from the same srcip as user B. This correlated event can be indicative of privilege escalation since both events happened from the same srcip

   Help

AWS Createloginprofile Help

You must install splunk AWS add on and Splunk App for AWS. This search works with AWS CloudTrail logs.

   Search

Open in Search