AWS Detect Users With Kms Keys Performing Encryption S3

Description

This search provides detection of users with KMS keys performing encryption specifically against S3 buckets.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Adversary Tactics

Alert Volume

This search provides detection of users with KMS keys performing encryption specifically against S3 buckets.

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Impact

MITRE ATT&CK Techniques

Data Encrypted for Impact

Data Encrypted for Impact

MITRE Threat Groups

APT38
APT41
TA505

Data Sources

AWS
Audit Trail

   Help

AWS Detect Users With Kms Keys Performing Encryption S3 Help

You must install splunk AWS add on and Splunk App for AWS. This search works with cloudtrail logs

   Search

Open in Search