The AWS managed policy AWSCompromisedKeyQuarantineV2 has been attached
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Goal
Detect when the AWS managed policy AWSCompromisedKeyQuarantine(V2) has been attached to a user, role, or group.
Strategy
This rule monitors AWS CloudTrail and detects when the AWS managed policy AWSCompromisedKeyQuarantine(V2) has been attached to a user, role, or group. It is applied by the AWS team in the event that an IAM user’s credentials has been compromised or publicly exposed.
Triage and response
- An AWS support case has been opened regarding this event and contains instructions for investigation.
- Investigate any other actions carried out by the compromised identity
{{@userIdentity.arn}}
using the Cloud SIEM investigator.