Detect when a user is attempting to retrieve a high number of parameters through CloudTrail's `GetParameter` event.
This rule sets a baseline for user activity in the `GetParameter` event and enables detection of potentially anomalous activity when a user attempts to retrieve an anomalous volume of parameters.
An attacker may attempt to enumerate and access the AWS Systems Manager to gain access to Application Programming Interface (API) keys, database credentials, Identity and Access Management (IAM) permissions, Secure Shell (SSH) keys, certificates, and more. Once these credentials are obtained, they can be used to perform lateral movement and access restricted information.
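The baseline idea described above can be sketched as follows. This is an added example, not the rule's own logic: the page does not say how the baseline is computed, so a median plus MAD threshold over hourly counts stands in for it. The function names, `k`, `floor`, `min_history` and the sample records are assumptions; events are keyed on `userIdentity.arn`, which for an assumed-role session ends with the session name.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

def hourly_counts(events):
    """Count ssm:GetParameter calls per (identity ARN, hour bucket)."""
    counts = Counter()
    for e in events:
        if (e.get("eventSource"), e.get("eventName")) != ("ssm.amazonaws.com", "GetParameter"):
            continue
        ts = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        counts[(e["userIdentity"]["arn"], ts.replace(minute=0, second=0))] += 1
    return counts

def find_anomalies(events, k=5.0, floor=10, min_history=3):
    """Flag identities whose latest active hour exceeds median + k*MAD of earlier hours."""
    # k, floor and min_history are assumed values. Hours with no calls are not
    # counted as zeros, and identities with little history are held to the floor.
    per_identity = defaultdict(dict)
    for (arn, hour), n in hourly_counts(events).items():
        per_identity[arn][hour] = n
    alerts = []
    for arn, hours in sorted(per_identity.items()):
        ordered = sorted(hours)
        latest, history = ordered[-1], [hours[h] for h in ordered[:-1]]
        threshold = floor
        if len(history) >= min_history:
            med = median(history)
            mad = median([abs(x - med) for x in history])
            threshold = max(floor, med + k * max(mad, 1))
        if hours[latest] > threshold:
            alerts.append({"arn": arn, "hour": latest.isoformat(), "count": hours[latest]})
    return alerts

def sample_events():
    """Constructed CloudTrail-shaped records (not real logs); account ID is a placeholder."""
    base, role = datetime(2024, 1, 1, 8), "arn:aws:sts::111122223333:assumed-role/app/"
    plan = {"deploy": [3, 4, 3, 5, 60], "batch": [2, 3, 2, 3, 2], "new-session": [40]}
    events = []
    for session, per_hour in plan.items():
        for i, n in enumerate(per_hour):
            stamp = (base + timedelta(hours=i)).strftime("%Y-%m-%dT%H:%M:%SZ")
            events += [{"eventSource": "ssm.amazonaws.com", "eventName": "GetParameter",
                        "eventTime": stamp, "userIdentity": {"arn": role + session}}] * n
    events.append(dict(events[0], eventName="PutParameter"))  # noise: must be ignored
    return events

if __name__ == "__main__":
    print(find_anomalies(sample_events()))
```

On the constructed data, the steady `batch` session stays below its threshold, while `deploy` (a jump to 60 calls in one hour) and `new-session` (40 calls with no history) are flagged.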
`{{@userIdentity.session_name}}` to determine if the specific set of API calls are malicious.
`{{@userIdentity.session_name}}`.
`aws-cli` command `put-parameter`.