AWS IAM user groups discovery

ID: aws_iam_group_discovery
Data type: AWS CloudTrail
Severity: Low
MITRE ATT&CK: TA0007:T1069.003

Description

AlphaSOC detected an unexpected use of actions indicating AWS IAM user groups discovery. These actions include retrieving information about AWS IAM groups and group policies. They may indicate reconnaissance by threat actors attempting to understand the structure and permissions within your AWS infrastructure and, potentially, to prepare for further attacks.

Impact

Discovery of AWS IAM user groups may provide attackers with valuable insights into your AWS environment's structure and access controls. This information could be used to identify potential targets, plan privilege escalation attacks, or exploit misconfigurations in AWS IAM policies.

Severity

| Severity | Condition |
| --- | --- |
| Low | Unexpected AWS IAM user groups discovery |

Investigation and Remediation

Review AWS CloudTrail logs to identify the user responsible for the actions. Verify whether the actions were performed by authorized personnel or systems. If they were unauthorized, revoke any compromised credentials and assess the extent of potential damage.
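
The log review described above can be scripted. The following is an added example, not AlphaSOC's own detection logic: it groups IAM group discovery calls in CloudTrail records by calling principal, with the access keys and source IPs used and the number of denied calls. The list of event names, the helper `_rec` and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: read-only IAM actions that return groups or group policies.
# The page does not list the event names the detection itself matches on.
GROUP_DISCOVERY_EVENTS = {
    "ListGroups", "GetGroup", "ListGroupsForUser",
    "ListGroupPolicies", "GetGroupPolicy", "ListAttachedGroupPolicies",
}

def _rec(name, arn, key, ip, source="iam.amazonaws.com", error=None):
    """Build a constructed CloudTrail record with only the fields used here."""
    rec = {"eventSource": source, "eventName": name, "sourceIPAddress": ip,
           "userIdentity": {"arn": arn, "accessKeyId": key}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample records (not real log data).
DEV = "arn:aws:iam::111122223333:user/dev-ci"
ADMIN = "arn:aws:iam::111122223333:user/admin"
SAMPLE_RECORDS = [
    _rec("ListGroups", DEV, "AKIAEXAMPLEKEY000001", "203.0.113.10"),
    _rec("ListGroupPolicies", DEV, "AKIAEXAMPLEKEY000001", "203.0.113.10",
         error="AccessDenied"),
    _rec("GetGroupPolicy", DEV, "AKIAEXAMPLEKEY000001", "198.51.100.7"),
    _rec("ListBuckets", DEV, "AKIAEXAMPLEKEY000001", "203.0.113.10",
         source="s3.amazonaws.com"),
    _rec("ListGroupsForUser", ADMIN, "AKIAEXAMPLEKEY000002", "192.0.2.15"),
    _rec("CreateGroup", ADMIN, "AKIAEXAMPLEKEY000002", "192.0.2.15"),
]

def summarize_group_discovery(records):
    """Return {principal ARN: calls, access keys, source IPs, denied count}."""
    summary = defaultdict(lambda: {"events": [], "access_keys": set(),
                                   "source_ips": set(), "denied": 0})
    for rec in records:
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        if rec.get("eventName") not in GROUP_DISCOVERY_EVENTS:
            continue
        ident = rec.get("userIdentity", {})
        entry = summary[ident.get("arn") or ident.get("principalId", "unknown")]
        entry["events"].append(rec["eventName"])
        if ident.get("accessKeyId"):
            entry["access_keys"].add(ident["accessKeyId"])
        entry["source_ips"].add(rec.get("sourceIPAddress", "unknown"))
        if rec.get("errorCode") == "AccessDenied":
            entry["denied"] += 1
    return dict(summary)

if __name__ == "__main__":
    for principal, info in summarize_group_discovery(SAMPLE_RECORDS).items():
        print(principal, info)
```

A principal that calls from several source IPs or accumulates denied calls is a reasonable place to start the authorization check.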