Product
medium
advisory
AWS SSM Session Manager Child Process Execution
3 rules 3 TTPsThis rule detects process start events where the parent process is the AWS Systems Manager (SSM) Session Manager worker, which can indicate remote execution and lateral movement by adversaries abusing legitimate AWS credentials.
AWS Systems Manager
aws
ssm
execution
cloud
3r
3t
medium
advisory
AWS SSM Session Manager Child Process Execution
3 rules 3 TTPsThis rule identifies process start events where the parent process is the AWS Systems Manager (SSM) Session Manager worker, which adversaries may abuse for remote execution and lateral movement using legitimate AWS credentials and IAM permissions.
AWS Systems Manager
cloud
aws
execution
lateral-movement
3r
3t