Long AWS console session

ID: aws_console_long_session
Data type: AWS CloudTrail
Severity: Informational
MITRE ATT&CK: TA0008:T1550.004

Description

AlphaSOC detected an AWS console session lasting over two hours. Extended sessions may indicate unauthorized access and can give threat actors the opportunity to maintain persistence, exfiltrate data, or perform other malicious activities.

Impact

Prolonged AWS console sessions may allow threat actors sufficient time to explore and compromise cloud resources. Potential risks include modifying security configurations, establishing backdoors, escalating privileges, and exfiltrating sensitive data.

Severity

Severity: Informational
Condition: Long AWS console session

Investigation and Remediation

Review AWS CloudTrail logs and investigate the user account associated with the long-running session. Examine recent activities and any actions taken during the session. Verify whether the session was authorized. If unauthorized, rotate potentially compromised credentials and perform a thorough security assessment to identify and address any additional security risks.
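
The following is an added example for the review step above, not AlphaSOC's detection logic. It groups console-originated CloudTrail records into sessions and lists the actions taken in any session that ran past the two-hour condition. Keying a session on the principal ARN plus `sessionContext.attributes.creationDate` is an assumption, and the sample records and identities are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = timedelta(hours=2)  # "over two hours", per the rule description

def parse_ts(value):
    # CloudTrail timestamps are UTC ISO 8601, e.g. 2024-05-01T09:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def long_console_sessions(records, threshold=THRESHOLD):
    """Console sessions whose last event is > threshold after creation, with their actions."""
    sessions = defaultdict(list)
    for rec in records:
        if rec.get("sessionCredentialFromConsole") != "true":
            continue  # not console-originated activity
        ident = rec.get("userIdentity", {})
        created = ident.get("sessionContext", {}).get("attributes", {}).get("creationDate")
        if created and ident.get("arn"):
            sessions[(ident["arn"], created)].append(rec)  # assumed session key
    findings = []
    for (arn, created), events in sessions.items():
        events.sort(key=lambda r: parse_ts(r["eventTime"]))
        duration = parse_ts(events[-1]["eventTime"]) - parse_ts(created)
        if duration > threshold:
            findings.append({
                "arn": arn, "session_start": created, "duration": duration,
                "source_ips": sorted({e["sourceIPAddress"] for e in events}),
                "actions": [f'{e["eventSource"]}:{e["eventName"]}' for e in events],
            })
    return sorted(findings, key=lambda f: f["duration"], reverse=True)

def sample_record(arn, created, time, source, name, console="true"):
    # Constructed record carrying only the CloudTrail fields used above.
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": "198.51.100.7", "sessionCredentialFromConsole": console,
            "userIdentity": {"arn": arn, "sessionContext": {
                "attributes": {"creationDate": created}}}}

ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed identities
BOB = "arn:aws:iam::111122223333:user/bob"
SAMPLE = [
    sample_record(ALICE, "2024-05-01T09:00:00Z", "2024-05-01T09:05:00Z", "s3.amazonaws.com", "ListBuckets"),
    sample_record(ALICE, "2024-05-01T09:00:00Z", "2024-05-01T11:40:00Z", "iam.amazonaws.com", "CreateAccessKey"),
    sample_record(BOB, "2024-05-01T13:00:00Z", "2024-05-01T14:45:00Z", "ec2.amazonaws.com", "DescribeInstances"),
    sample_record(BOB, "2024-05-01T13:00:00Z", "2024-05-01T18:00:00Z", "s3.amazonaws.com", "ListBuckets", console=None),
]
if __name__ == "__main__":
    for f in long_console_sessions(SAMPLE):
        print(f["arn"], f["duration"], f["actions"])
```

Duration is measured from session creation to the last event seen in the records supplied, so a session that is still open is reported with its length so far.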