AWS Iam Accessdenied Discovery Events

AWS Iam Accessdenied Discovery Events

Description

The following detection identifies excessive AccessDenied events within an hour timeframe. It is possible that an access key to AWS may have been stolen and is being misused to perform discovery events. In these instances, the access is not available with the key stolen therefore these events will be generated.

   Help

AWS Iam Accessdenied Discovery Events Help

The Splunk AWS Add-on and Splunk App for AWS is required to utilize this data. The search requires AWS Cloudtrail logs.

   Search

Open in Search