AWS Detect Users Creating Keys With Encrypt Policy Without MFA

Description

This search provides detection of KMS keys which action kms:Encrypt is accessible for everyone (also outside of your organization). This is an identicator that your account is compromised and the attacker uses the encryption key to compromise another company.

   Help

AWS Detect Users Creating Keys With Encrypt Policy Without MFA Help

You must install splunk AWS add on and Splunk App for AWS. This search works with cloudtrail logs

   Search

Open in Search