Techniques
Sample rules
AWS IAM S3Browser LoginProfile Creation
- source: sigma
- technicques:
- t1059
- t1059.009
- t1078
- t1078.004
Description
Detects S3 Browser utility performing reconnaissance looking for existing IAM Users without a LoginProfile defined then (when found) creating a LoginProfile.
Detection logic
condition: selection
selection:
eventName:
- GetLoginProfile
- CreateLoginProfile
eventSource: iam.amazonaws.com
userAgent|contains: S3 Browser