Detect Shared EC2 Snapshot

Description

This analytic uses AWS CloudTrail events to identify when an EC2 snapshot's permissions are modified so that the snapshot is shared with a different AWS account. Adversaries use this method to exfiltrate the EC2 snapshot.
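
The logic this analytic describes, as an added Python example that is not the page's Splunk search: it scans constructed CloudTrail records for successful `ModifySnapshotAttribute` calls that grant volume-creation permission to an account other than the snapshot owner. The record layout, the `make_event` helper and all account and snapshot IDs are assumptions; flagging `group: all` (public sharing) goes beyond the single-account case in the description.

```python
# Constructed CloudTrail records (not real logs). Field layout is assumed from
# CloudTrail's record format for the EC2 ModifySnapshotAttribute API call.
def make_event(owner, snapshot, permission, error=None):
    event = {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "ModifySnapshotAttribute",
        "recipientAccountId": owner,
        "userIdentity": {"accountId": owner, "arn": f"arn:aws:iam::{owner}:user/example"},
        "requestParameters": {"snapshotId": snapshot,
                              "attributeType": "CREATE_VOLUME_PERMISSION",
                              "createVolumePermission": permission},
    }
    if error:
        event["errorCode"] = error
    return event

SAMPLE_EVENTS = [
    make_event("111111111111", "snap-0aaa", {"add": {"items": [{"userId": "222222222222"}]}}),
    make_event("111111111111", "snap-0bbb", {"add": {"items": [{"userId": "111111111111"}]}}),
    make_event("111111111111", "snap-0ccc", {"remove": {"items": [{"userId": "222222222222"}]}}),
    make_event("111111111111", "snap-0ddd", {"add": {"items": [{"group": "all"}]}}),
    make_event("111111111111", "snap-0eee", {"add": {"items": [{"userId": "333333333333"}]}},
               error="Client.UnauthorizedOperation"),
]

def shared_snapshot_findings(events):
    """Return a finding for each successful grant to an account other than the owner."""
    findings = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("ec2.amazonaws.com", "ModifySnapshotAttribute"):
            continue
        if ev.get("errorCode"):  # denied or failed calls changed nothing
            continue
        owner = ev.get("recipientAccountId")
        params = ev.get("requestParameters") or {}
        added = ((params.get("createVolumePermission") or {}).get("add") or {}).get("items") or []
        for item in added:
            # A grant names either an account ID (userId) or the public group "all".
            target = item.get("userId") or ("all (public)" if item.get("group") == "all" else None)
            if target and target != owner:
                findings.append({"snapshot": params.get("snapshotId"), "owner": owner,
                                 "shared_with": target,
                                 "actor": (ev.get("userIdentity") or {}).get("arn")})
    return findings

if __name__ == "__main__":
    for finding in shared_snapshot_findings(SAMPLE_EVENTS):
        print(finding)
```

Grants to the owner's own account, permission removals and failed calls are ignored, which keeps the output to changes that actually exposed a snapshot outside the account.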

Help

You must install the Splunk AWS add-on and the Splunk App for AWS. This search works with AWS CloudTrail logs.
