AWS Detect Sts Assume Role Abuse
This search provides detection of suspicious use of sts:AssumeRole. These tokens can be created on the go and used by attackers to move laterally and escalate privileges.
This content is not mapped to any local saved search. Add mapping
AWS Detect Sts Assume Role Abuse Help
You must install splunk AWS add on and Splunk App for AWS. This search works with cloudtrail logs
Open in Search