TrendAI Vision One™ Cloud Risk Management Real-Time Threat Monitoring

Best practice rules for TrendAI Vision One™ Cloud Risk Management Real-Time Threat Monitoring

• AWS IAM User Created

  An AWS Identity and Access Management (IAM) user creation event has been detected.

• AWS IAM user has signed in without MFA

  Amazon Web Services IAM user authentication without MFA has been detected.

• AWS Root user has signed in without MFA

  TrendAI Vision One™ Cloud Risk Management user authentication without MFA has been detected.

• Detect IAM User Sign-In Requests Outside Regular Business Hours

  AWS Management Console sign-in requests for IAM users have been detected outside regular business hours.

• Monitor Unintended AWS API Calls

  Unintended AWS API calls have been detected within your Amazon Web Services account.

• Root has signed in

  Amazon Web Services account authentication using root credentials has been detected.

• User activity in blocklisted regions

  AWS User/API activity has been detected within blocklisted Amazon Web Services region(s).

• User has failed signing in to AWS

  Monitor AWS IAM user's failed signing attempts.

• Users signed in to AWS from a safelisted IP Address

  Amazon Web Services root/IAM user authentication from a blocklisted IP address has been detected.

• Users signed in to AWS from an approved country

  Amazon Web Services root/IAM user authentication from a non-approved country has been detected.

• VPC Network Configuration Changes

  Networking configuration changes have been detected within your Amazon Web Services account.