Tag
medium
threat
Suspicious Instance Metadata Service (IMDS) API Request
3 rules, 4 TTPs, 1 IOC
This rule detects suspicious network activity from tools or scripts attempting to access the cloud service provider's Instance Metadata Service (IMDS) API endpoint, potentially retrieving sensitive instance-specific information and credentials.
exploited
credential-access
discovery
cloud
imds
medium
threat
Suspicious Instance Metadata Service (IMDS) API Command Line Execution
2 rules, 4 TTPs
This rule identifies command-line executions that attempt to access a cloud service provider's Instance Metadata Service (IMDS) API endpoints, potentially retrieving sensitive instance information and temporary security credentials and ultimately leading to credential access and privilege escalation within the cloud environment.
exploited
Microsoft Defender XDR +4
credential-access
cloud
imds