AWS Guard Duty: EC2 with suspicious usage of instance profile credentials

Suspicious activity

AWS Guard Duty: EC2 with suspicious usage of instance profile credentials

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
UK Cyber Essentials

Description

External usage of instance profile credentials was found by AWS GuardDuty service on {AwsIamRole} and the IAM role is permissive or attached to many instances in the account. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity. The service detected one of the following types of suspicious activity: (UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS, UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.InsideAWS).

AWS Guard Duty: EC2 with suspicious usage of instance profile credentials

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS