AWS Detect Sts Assume Role Abuse
Description
This search provides detection of suspicious use of sts:AssumeRole. These tokens can be created on the go and used by attackers to move laterally and escalate privileges.
Content Mapping
This content is not mapped to any local saved search. Add mapping
Help |
---|
AWS Detect Sts Assume Role Abuse HelpYou must install splunk AWS add on and Splunk App for AWS. This search works with cloudtrail logs |
Search |
---|
Open in Search |