Product
high
advisory
AWS Password Spraying Attack via Multiple Failed Console Logins
2 rules 2 TTPsA single source IP attempts to authenticate to the AWS Console against multiple unique user accounts within a short timeframe, indicating a potential password spraying attack.
AWS Console
aws
password-spraying
credential-access
2r
2t
medium
advisory
AWS Console Login from New Country
2 rules 3 TTPsDetects AWS console logins by a user from a previously unseen country, potentially indicating compromised credentials.
AWS Console
aws
cloud
credential-access
initial-access
2r
3t
high
advisory
AWS Console Login Password Spraying
2 rules 3 TTPsA single source IP failing to authenticate into the AWS Console with multiple valid users, potentially indicating a password spraying attack against cloud resources.
AWS Console
aws
cloudtrail
password-spraying
2r
3t