Techniques
Sample rules
PUA - AWS TruffleHog Execution
- source: sigma
- techniques:
  - t1003
  - t1555
Description
Detects the execution of TruffleHog, a popular open-source tool used for scanning repositories for secrets and sensitive information, within an AWS environment. It has been reported to be used by threat actors for credential harvesting. All detections should be investigated to determine if the usage is authorized by security teams or potentially malicious.
Detection logic
condition: selection
selection:
  userAgent: TruffleHog