Console Login

Overview

This detector monitors CloudTrail events for those of eventType: AwsConsoleSignIn to see when someone logs into the AWS management console.

The detector identifies logins by IAM users within the account, as well as users from other AWS accounts that are permitted by your IAM roles and policies.

This event could be an indication of initial access or lateral movement, and it should be investigated, particularly if this environment is typically not managed from the AWS console.

Root user logins are monitored by a separate detector.

Vendor

AWS

Overview​

Vendor​

Severity​

Overview

Vendor

Severity