AWS Detect Sts Get Session Token Abuse
This search provides detection of suspicious use of sts:GetSessionToken. These tokens can be created on the go and used by attackers to move laterally and escalate privileges.
AWS Detect Sts Get Session Token Abuse Help
You must install splunk AWS add-on and Splunk App for AWS. This search works with cloudwatch logs
Open in Search