The AWS managed policy AWSCompromisedKeyQuarantine has been attached
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detect when the AWS managed policy AWSCompromisedKeyQuarantine has been attached to a user, role, or group.
Strategy
This rule monitors AWS CloudTrail and detects when the AWS managed policy AWSCompromisedKeyQuarantine has been attached to a user, role, or group. It is applied by the AWS team in the event that an IAM user’s credentials has been compromised or publicly exposed.
Triage and response
- An AWS support case has been opened regarding this event and contains instructions for investigation.
- Investigate any other actions carried out by the compromised identity
{{@userIdentity.arn}} using the Cloud SIEM investigator.
Changelog
12 June 2025 - Update title and link to align with the latest AWSCompromisedKeyQuarantineV3 managed policy.
