Account Security Configuration Changed

Panther Rules

Summary
The AWS.CloudTrail.SecurityConfigurationChange rule detects changes to account-wide security configurations by inspecting AWS CloudTrail logs. It raises an alert when a relevant change event is logged, such as the deletion of a CloudTrail trail or any significant adjustment to AWS security settings. The first response step is to verify whether the change was planned; if it was not, revert the change and update access control policies to prevent further unapproved modifications. The rule helps keep an AWS environment secure by ensuring that configuration changes are authorized and comply with security policy.
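The following is an added example, not the rule's actual source: a Panther-style Python rule that matches successful security configuration changes in CloudTrail records and groups them by actor for the "was this planned?" check. The watched event list, the helper names and the sample records are assumptions made for illustration.

```python
# Added example, not Panther's rule source. The event list is an assumed
# selection of real AWS API names that change account-wide security settings.
SECURITY_CONFIG_EVENTS = {
    "cloudtrail.amazonaws.com": {"DeleteTrail", "StopLogging", "UpdateTrail"},
    "config.amazonaws.com": {
        "DeleteConfigRule", "DeleteConfigurationRecorder",
        "DeleteDeliveryChannel", "StopConfigurationRecorder",
    },
    "guardduty.amazonaws.com": {"DeleteDetector"},
}

def actor_of(event):
    """ARN of the calling principal, or a marker when the record omits it."""
    return event.get("userIdentity", {}).get("arn", "<unknown actor>")

def rule(event):
    """True when a successful call changed a security configuration."""
    if event.get("errorCode"):  # denied or failed calls changed nothing
        return False
    watched = SECURITY_CONFIG_EVENTS.get(event.get("eventSource"), set())
    return event.get("eventName") in watched

def title(event):
    """Alert title naming the change, the actor and the account."""
    account = event.get("recipientAccountId", "<unknown account>")
    return f"{event['eventName']} by {actor_of(event)} in account {account}"

def triage(events):
    """Group matching changes by actor for comparison with planned changes."""
    by_actor = {}
    for event in events:
        if rule(event):
            by_actor.setdefault(actor_of(event), []).append(event["eventName"])
    return by_actor

# Constructed sample CloudTrail records (account ID and ARNs are placeholders).
ADMIN = {"arn": "arn:aws:iam::123456789012:role/ExampleAdmin"}
USER = {"arn": "arn:aws:iam::123456789012:user/example-user"}
SAMPLE_EVENTS = [
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "DeleteTrail",
     "userIdentity": ADMIN, "recipientAccountId": "123456789012"},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": USER, "errorCode": "AccessDenied"},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "DescribeTrails",
     "userIdentity": ADMIN},
    {"eventSource": "config.amazonaws.com", "eventName": "DeleteConfigRule",
     "userIdentity": ADMIN, "recipientAccountId": "123456789012"},
]
```

Because the example ignores records that carry an errorCode, denied attempts such as the constructed StopLogging call do not alert here and would need a separate rule if they should be tracked.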
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Service
  • Cloud Storage
  • Application Log
ATT&CK Techniques
  • T1562
Created: 2022-09-02