AWS Detect Sts Get Session Token Abuse

Description

This search provides detection of suspicious use of sts:GetSessionToken. These tokens can be created on the go and used by attackers to move laterally and escalate privileges.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Adversary Tactics

Alert Volume

This search provides detection of suspicious use of sts:GetSessionToken. These tokens can be created on the go and used by attackers to move laterally and escalate privileges.

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Defense Evasion
Lateral Movement

MITRE ATT&CK Techniques

Use Alternate Authentication Material

Use Alternate Authentication Material

Data Sources

AWS
Audit Trail

   Help

AWS Detect Sts Get Session Token Abuse Help

You must install splunk AWS add-on and Splunk App for AWS. This search works with cloudwatch logs

   Search

Open in Search