Techniques
Sample rules
Potential Amazon SSM Agent Hijacking
- source: sigma
- technicques:
- t1219
Description
Detects potential Amazon SSM agent hijack attempts as outlined in the Mitiga research report.
Detection logic
condition: selection
selection:
CommandLine|contains|all:
- '-register '
- '-code '
- '-id '
- '-region '
Image|endswith: \amazon-ssm-agent.exe
Potential Linux Amazon SSM Agent Hijacking
- source: sigma
- technicques:
- t1219
Description
Detects potential Amazon SSM agent hijack attempts as outlined in the Mitiga research report.
Detection logic
condition: selection
selection:
CommandLine|contains|all:
- '-register '
- '-code '
- '-id '
- '-region '
Image|endswith: /amazon-ssm-agent