AWS Detect Role Creation

Description

This search detects role creation by IAM users. Role creation is a notable event in itself when the user creates a new role whose trust policy differs from those available in AWS, because such a role can be used for lateral movement and privilege escalation.
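The logic described above, as an added Python example over constructed CloudTrail-style records; it is not the Splunk search behind this page. The function names, sample events and account IDs are hypothetical, and treating wildcard or external-account principals as the trust policies of interest is an assumption about what the description means.

```python
import json
import re

def _event(user_type, role, principal, error=None):
    policy = {"Statement": [{"Effect": "Allow", "Principal": principal,
                             "Action": "sts:AssumeRole"}]}
    return {"eventName": "CreateRole", "errorCode": error,
            "userIdentity": {"type": user_type, "accountId": "111111111111",
                             "arn": "arn:aws:iam::111111111111:user/alice"},
            "requestParameters": {"roleName": role,
                                  "assumeRolePolicyDocument": json.dumps(policy)}}

# Constructed CloudTrail-style records (not real logs); IDs and names are placeholders.
SAMPLE_EVENTS = [
    _event("IAMUser", "app-ec2-role", {"Service": "ec2.amazonaws.com"}),
    _event("IAMUser", "vendor-access", {"AWS": "arn:aws:iam::222222222222:root"}),
    _event("IAMUser", "open-role", {"AWS": "*"}),
    _event("AssumedRole", "pipeline-role", {"AWS": "222222222222"}),
    _event("IAMUser", "denied-role", {"AWS": "*"}, error="AccessDenied"),
]

def trusted_aws_principals(policy_json):
    """Return the AWS principals named in Allow statements of a trust policy."""
    statements = json.loads(policy_json).get("Statement", [])
    found = []
    for st in [statements] if isinstance(statements, dict) else statements:
        principal = st.get("Principal", {})
        if principal == "*":          # bare wildcard means any principal
            principal = {"AWS": "*"}
        values = principal.get("AWS", []) if st.get("Effect") == "Allow" else []
        found += [values] if isinstance(values, str) else values
    return found

def detect_role_creation(events):
    """Report successful CreateRole calls by IAM users, with trust-policy notes."""
    findings = []
    for ev in events:
        ident = ev.get("userIdentity", {})
        if (ev.get("eventName") != "CreateRole" or ev.get("errorCode")
                or ident.get("type") != "IAMUser"):
            continue
        params, notes = ev["requestParameters"], []
        for value in trusted_aws_principals(params["assumeRolePolicyDocument"]):
            account = re.search(r"\d{12}", value)
            if value == "*":
                notes.append("trusts any AWS principal")
            elif account and account.group() != ident.get("accountId"):
                notes.append("trusts external account " + account.group())
        findings.append({"role": params["roleName"], "creator": ident["arn"], "notes": notes})
    return findings
```

Every successful role creation by an IAM user is reported; the notes mark the ones whose trust policy reaches outside the creator's account, which are the ones to triage first.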

Help

AWS Detect Role Creation Help

You must install the Splunk Add-on for AWS and the Splunk App for AWS. This search works with CloudWatch logs.

Search
