AWS Suspect External Access Granting

Detection overview

Triggers

  • A credential was observed enabling external access to AWS resources through an IAM role.

Possible Root Causes

  • An attacker may be creating a means of accessing data from a separate AWS account.
  • A sanctioned third-party security or IT service may be granted access to AWS resources in order to perform normal activities.

Business Impact

  • Once an adversary achieves persistent access, they’ve established the opportunity to stage subsequent phases of an attack.

Steps to Verify

  • Validate that the access is authorized, given the purpose and policies governing these resources.
  • If review indicates possible malicious actions or high-risk configuration, delete the created IAM role and disable credentials associated with this alert, then perform a comprehensive investigation.
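
One way to carry out the first verification step, as an added example that is not part of the original page or the vendor's detection logic: it reads role trust policies out of CloudTrail-shaped records and reports any principal outside an approved account list. The account IDs, role names and sample event are constructed, and the request parameter names are assumed to follow CloudTrail's records of IAM's CreateRole and UpdateAssumeRolePolicy calls.

```python
import json
import re

# Assumption: account IDs your organization owns or has approved (constructed values).
TRUSTED_ACCOUNTS = {"111111111111", "222222222222"}
# CloudTrail requestParameters field that carries the trust policy, per IAM action.
POLICY_FIELD = {"CreateRole": "assumeRolePolicyDocument",
                "UpdateAssumeRolePolicy": "policyDocument"}
# Matches a bare account ID or an IAM/STS ARN and captures the 12-digit account.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?$")

def as_list(value):
    return value if isinstance(value, list) else [value]

def external_principals(trust_policy, trusted=TRUSTED_ACCOUNTS):
    """Return AWS principals in Allow statements that fall outside `trusted`."""
    found = []
    for stmt in as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "*" means any AWS principal
            found.append(principal)
            continue
        for arn in as_list(principal.get("AWS", [])):
            match = ACCOUNT_RE.match(arn)
            # Wildcards and unparseable principals are reported, not ignored.
            if not match or match.group(1) not in trusted:
                found.append(arn)
    return found

def review_event(event, trusted=TRUSTED_ACCOUNTS):
    """Return a finding for a role-trust change that admits an untrusted account."""
    field = POLICY_FIELD.get(event.get("eventName"))
    params = event.get("requestParameters") or {}
    if field is None or not params.get(field):
        return None
    external = external_principals(json.loads(params[field]), trusted)
    finding = {"role": params.get("roleName"), "external": external,
               "actor": (event.get("userIdentity") or {}).get("arn")}
    return finding if external else None

def trust_doc(principal):  # builds a constructed trust policy document
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]})

SAMPLE_EVENTS = [  # constructed, CloudTrail-shaped record
    {"eventName": "CreateRole", "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev"},
     "requestParameters": {"roleName": "backup-sync", "assumeRolePolicyDocument":
                           trust_doc({"AWS": "arn:aws:iam::999999999999:root"})}}]
```

A finding names the role, the credential that made the change and the untrusted principals, which are the three items the verification steps act on.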

Possible root causes

Malicious Detection

Benign Detection

Example scenarios

Business impact

If this detection indicates a genuine threat, the organization faces significant risks:

Steps to investigate

MITRE ATT&CK techniques covered
