Benchmark: T1098.003 Account Manipulation: Additional Cloud Roles
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/tailpipe-mod-aws-cloudtrail-log-detections
Start the Powerpipe server:
powerpipe server
Open http://localhost:9033 in your browser and select T1098.003 Account Manipulation: Additional Cloud Roles.
Run this benchmark in your terminal:
powerpipe benchmark run aws_cloudtrail_log_detections.benchmark.mitre_attack_v161_ta0004_t1098_003
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_cloudtrail_log_detections.benchmark.mitre_attack_v161_ta0004_t1098_003 --share
Detections
- CodeBuild Project Service Role Updated
- IAM Group Administrator Policy Attached
- IAM Group Inline Policy Updated
- IAM Role Inline Policy Updated
- IAM Role Managed Policy Attached
- IAM User Administrator Policy Attached
- IAM User Inline Policy Updated
- IAM User Managed Policy Attached