Data Source: AWS Cloudtrail | Detection.FYI

AWS STS Temporary IAM Session Token Used from Multiple Addresses

Apr 17, 2025 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS IAM Data Source: AWS CloudTrail Tactic: Initial Access Use Case: Identity and Access Audit Resources: Investigation Guide ·
Share on:

This rule detects when a single IAM user's temporary session token is used from multiple IP addresses within a short time frame. This behavior may indicate that an adversary has stolen temporary credentials and is using them from a different location.

Read More
AWS CloudTrail Log Updated

May 22, 2024 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS Cloudtrail Use Case: Log Auditing Resources: Investigation Guide Tactic: Impact ·
Share on:

Identifies an update to an AWS log trail setting that specifies the delivery of log files.

Read More