AWS IAM policy modified

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Goal

Detect a change to an AWS IAM Policy.

Strategy

This rule lets you monitor CloudTrail and detect when any event pertaining to an AWS IAM policy is detected with one of the following API calls:

Triage and response

  1. Review the IAM Policy change and ensure it does not negatively impact your risk in relation to authentication or authorization controls.
  2. If risk is increased, contact the individual that used the arn: {{@userIdentity.arn}} and determine if the {{@evt.name}} API calls were made by them.

Changelog

5 April 2022 - Updated rule and signal message. 12 Jul 2023 - Updated query and evaluation window.

PREVIEWING: brett0000FF/node-compatibility