AWS Security Tools Disabled

Detection overview

Triggers

  • A credential was observed performing a set of API requests capable of disabling native AWS security measures.

Possible Root Causes

  • Attackers are attempting to disable or downgrade AWS security mechanisms to blind defenders or to enable further malicious activities without the risk of detection.
  • A security or IT service may intentionally be disabling security tools while troubleshooting problems.

Business Impact

  • Attackers who have successfully degraded, disabled, or bypassed security controls can more easily progress towards their objectives.
  • Unintentional disabling of security controls increases the potential impact of both present and future attacks against the organization.

Steps to Verify

  • Review whether this configuration is expected and appropriate in light of any available compensating controls.
  • If this is a temporary configuration for troubleshooting purposes, confirm it has been re-enabled once that troubleshooting is complete.
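
The second verification step can be checked against CloudTrail records. The following is an added example, not the vendor's detection logic: it pairs each successful disabling call with a later restoring call on the same resource and returns the ones still outstanding. The list of API calls, the function names and the sample events are assumptions made for illustration.

```python
# Assumed mapping, not the vendor's rule set: (eventSource, eventName) that
# disables a control -> eventName that restores it (None = nothing restores it).
DISABLING = {
    ("cloudtrail.amazonaws.com", "StopLogging"): "StartLogging",
    ("cloudtrail.amazonaws.com", "DeleteTrail"): None,
    ("config.amazonaws.com", "StopConfigurationRecorder"): "StartConfigurationRecorder",
    ("guardduty.amazonaws.com", "DeleteDetector"): None,
}

def unrestored_disables(events):
    """Return successful disabling events that no later event re-enabled."""
    still_off = {}
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("errorCode"):  # denied or failed call: control state unchanged
            continue
        src, name = ev["eventSource"], ev["eventName"]
        params = ev.get("requestParameters") or {}
        target = (params.get("name") or params.get("configurationRecorderName")
                  or params.get("detectorId") or "")
        scope = (ev["recipientAccountId"], ev["awsRegion"], src, target)
        if (src, name) in DISABLING:
            still_off[scope] = ev
        elif scope in still_off:
            if DISABLING[(src, still_off[scope]["eventName"])] == name:
                del still_off[scope]
    return list(still_off.values())

def _ev(time, arn, src, name, params, error=None):
    """Build a constructed CloudTrail-shaped record for the sample below."""
    ev = {"eventTime": time, "eventSource": src, "eventName": name,
          "awsRegion": "us-east-1", "recipientAccountId": "111122223333",
          "userIdentity": {"arn": arn}, "requestParameters": params}
    if error:
        ev["errorCode"] = error
    return ev

# Constructed sample events (not real logs).
ROLE = "arn:aws:sts::111122223333:assumed-role/example-role/"
CT, CFG, GD = "cloudtrail.amazonaws.com", "config.amazonaws.com", "guardduty.amazonaws.com"
SAMPLE = [
    _ev("2024-01-01T10:00:00Z", ROLE + "alice", CT, "StopLogging", {"name": "example-trail"}),
    _ev("2024-01-01T10:40:00Z", ROLE + "alice", CT, "StartLogging", {"name": "example-trail"}),
    _ev("2024-01-01T11:00:00Z", ROLE + "bob", CFG, "StopConfigurationRecorder", {"configurationRecorderName": "default"}),
    _ev("2024-01-01T11:05:00Z", ROLE + "bob", GD, "DeleteDetector", {"detectorId": "example-detector-id"}),
    _ev("2024-01-01T12:00:00Z", ROLE + "carol", CT, "DeleteTrail", {"name": "example-trail"}, "AccessDenied"),
]

if __name__ == "__main__":
    for ev in unrestored_disables(SAMPLE):
        print(ev["eventTime"], ev["userIdentity"]["arn"], ev["eventName"])
```

Failed calls are skipped here only because they leave the control running; a denied attempt to disable a security tool is still worth reviewing on its own.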

Business impact

If this detection indicates a genuine threat, the organization faces significant risks:
