AWS SES identity deleted

ID:aws_ses_identity_deleted

Data type:AWS CloudTrail

Severity:

Low

Description

AlphaSOC detected that an AWS Simple Email Service (SES) identity was deleted using the DeleteIdentity action. This action deletes the specified email or domain from the list of verified identities. Adversaries might delete AWS SES identities to disrupt email communications and impair business operations

Impact

Deleting an AWS SES identity can disrupt email-based communications and notifications. This action could prevent an organization from sending important emails.

Severity

Severity	Condition
Low	AWS SES identity deleted

Investigation and Remediation

Review AWS CloudTrail logs to identify the specific IAM user or role that performed these actions and verify if they were made by authorized personnel or systems. If unauthorized, revoke any compromised credentials, revert the changes made by reverifying deleted AWS SES identities, and conduct a thorough security assessment of the AWS environment for other signs of compromise.

Description​

Impact​

Severity​

Investigation and Remediation​

Description

Impact

Severity

Investigation and Remediation