Product
This detection rule identifies suspicious AWS IAM API operations performed using temporary session credentials (access keys starting with ASIA) that are not sourced from console logins, indicating potential credential theft, session hijacking, or abuse of privileged temporary credentials by an attacker for persistence, privilege escalation, or defense evasion within the AWS environment.