AWS Guard Duty: AWS GuardDuty detects API calls using an administrative user from suspicious source

Suspicious activity

AWS Guard Duty: AWS GuardDuty detects API calls using an administrative user from suspicious source

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
CPRA
GDPR
HITRUST
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

API calls from suspicious source address using an administrative user were detected by AWS GuardDuty service. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity. The service detects one of the following types of IAM recon findings (Recon:IAMUser/MaliciousIPCaller, Recon:IAMUser/MaliciousIPCaller, Recon:IAMUser/TorIPCaller) originated from a suspicious source (known Tor exit node or an IP address included on a threat list) using an AWS user with administrative permissions.

AWS Guard Duty: AWS GuardDuty detects API calls using an administrative user from suspicious source

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS