API

Anomalous API Gateway API key reads by user

Documentos > Datadog Security > OOTB Rules > Anomalous API Gateway API key reads by user

Classification:

attack

Tactic:

TA0007-discovery

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detect when a user is enumerating API Gateway API keys.

Strategy

Baseline GetApiKeys events by @userIdentity.session_name to surface anomalous GetApiKeys calls.

Triage and response

Investigate activity for the following ARN {{@userIdentity.arn}} using {{@userIdentity.session_name}}.
Review any other security signals for {{@userIdentity.arn}}.