LoFP
/
T1651
T1651
Title
Tags
legitimate use of the `sendcommand` api call to execute commands on ec2 instances using the ssm service may be done by system administrators or devops engineers for legitimate purposes.
T1651
cross-platform
elastic
legitimate users may create ssm command documents for legitimate purposes. ensure that the document is authorized and the user is known before taking action.
T1651
aws
elastic
LoFP
/
T1651