LoFP LoFP / T1651

T1651

TitleTags
legitimate use of the `sendcommand` api call to execute commands on ec2 instances using the ssm service may be done by system administrators or devops engineers for legitimate purposes.
legitimate users may create ssm command documents for legitimate purposes. ensure that the document is authorized and the user is known before taking action.