AWS Saml Access By Provider User And Principal

Description

This search provides specific SAML access from specific Service Provider, user and targeted principal at AWS. This search provides specific information to detect abnormal access or potential credential hijack or forgery, specially in federated environments using SAML protocol inside the perimeter or cloud provider.

   Help

AWS Saml Access By Provider User And Principal Help

You must install splunk AWS add on and Splunk App for AWS. This search works with cloudtrail logs

   Search

Open in Search