Tag

Getcalleridentity

1 brief RSS

AWS EC2 Role GetCallerIdentity from New Source AS Organization

The rule detects when an EC2 instance role session calls AWS STS GetCallerIdentity from a new source autonomous system (AS) organization name, indicating potential credential theft and verification from outside expected egress paths.

Amazon Web Services cloud aws getcalleridentity ec2 discovery

2r 1t 3d ago