IAM User Created

Overview

This detector identifies when new IAM users are created. IAM users can be given very broad access to services and resources in an AWS account, depending on the groups, roles, and policies that apply to them.

Newly created IAM users could be an indicator of persistence or privilege escalation. This detector monitors CloudTrail for events with eventName: CreateUser.
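The matching logic described above can be sketched as follows. This is an added example, not the detector's own code. The sample records are constructed, and the function name, the eventSource scoping and the skipping of failed calls are assumptions that go beyond the page's eventName match.

```python
import json

SEVERITY = 4  # severity stated on this page

# Constructed CloudTrail records for illustration (not real account data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"userName": "svc-backup"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "errorCode": "AccessDenied",
     "sourceIPAddress": "198.51.100.7", "requestParameters": None,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-05-01T10:07:00Z", "eventSource": "transfer.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ops/carol"},
     "requestParameters": {"userName": "sftp-user"}},
]})


def detect_iam_user_created(raw_log):
    """Return one finding per successful IAM CreateUser call in a CloudTrail log."""
    findings = []
    for rec in json.loads(raw_log).get("Records", []):
        if rec.get("eventName") != "CreateUser":
            continue
        # Assumption: other services also expose a CreateUser API, so scope to IAM.
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        # Assumption: a call with errorCode set did not create a user.
        if rec.get("errorCode"):
            continue
        findings.append({
            "severity": SEVERITY,
            "time": rec.get("eventTime"),
            "actor": (rec.get("userIdentity") or {}).get("arn"),
            "source_ip": rec.get("sourceIPAddress"),
            "new_user": (rec.get("requestParameters") or {}).get("userName"),
        })
    return findings


if __name__ == "__main__":
    for finding in detect_iam_user_created(SAMPLE_LOG):
        print(finding)
```

Each finding carries the calling principal and source IP so an analyst can check whether the creator normally manages IAM users.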

Vendor

AWS

Severity

4