Navigation :
AWS Detect Users With Kms Keys Performing Encryption S3
Description
This search provides detection of users with KMS keys performing encryption specifically against S3 buckets.
Content Mapping
This content is not mapped to any local saved search. Add mapping
Use Case
Security Monitoring
Category
Adversary Tactics
Alert Volume
This search provides detection of users with KMS keys performing encryption specifically against S3 buckets.
SPL Difficulty
None
Journey
Stage 3
MITRE ATT&CK Tactics
Impact
MITRE ATT&CK Techniques
Data Encrypted for Impact
Data Encrypted for Impact
MITRE Threat Groups
APT38
APT41
TA505
Data Sources
AWS
Audit Trail