Caute_cautim
Community Champion

Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys

Hi All

 

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud, it is important for any security professional to know where to look for signs of compromise. AWS CloudTrail stands out as an essential tool for tracking and logging API activity, providing a comprehensive record of actions taken within an AWS account. Think of AWS CloudTrail like an audit or event log for all of the API calls made in your AWS account. For security professionals, monitoring these logs is critical, particularly when it comes to detecting potential unauthorized access, such as through stolen API keys. These techniques and many others I've learned through the incidents I've worked in AWS and that we built into SANS FOR509, Enterprise Cloud Forensics.

 

https://thehackernews.com/2024/08/detecting-aws-account-compromise-key.html?_m=3n%2e009a%2e3440%2ebf...

 

Regards

 

Caute_Cautim

 

 

0 Replies