Techniques
Sample rules
New AWS Lambda Function URL Configuration Created
- source: sigma
- technicques:
Description
Detects when a user creates a Lambda function URL configuration, which could be used to expose the function to the internet and potentially allow unauthorized access to the function’s IAM role for AWS API calls. This could give an adversary access to the privileges associated with the Lambda service role that is attached to that function.
Detection logic
condition: selection
selection:
eventName: CreateFunctionUrlConfig
eventSource: lambda.amazonaws.com