LoFP
/
t1021.007
t1021.007
Title
Tags
getsignintoken events will occur when using aws sso portal to login and will generate false positives if you do not filter for the expected user agent(s), see filter. non-sso configured roles would be abnormal and should be investigated.
t1021
t1021.007
t1550
t1550.001
aws
sigma
LoFP
/
t1021.007