The AWS managed policy AWSCompromisedKeyQuarantineV2 has been attached
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when the AWS managed policy AWSCompromisedKeyQuarantine(V2) has been attached to a user, role, or group.
Strategy
This rule monitors AWS CloudTrail and detects when the AWS managed policy AWSCompromisedKeyQuarantine(V2) has been attached to a user, role, or group. It is applied by the AWS team in the event that an IAM user’s credentials has been compromised or publicly exposed.
Triage and response
- An AWS support case has been opened regarding this event and contains instructions for investigation.
- Investigate any other actions carried out by the compromised identity
{{@userIdentity.arn}} using the Cloud SIEM investigator.
