Rules Contributing to Suspicious AWS SSL Certificate Activity Alert
The following rules are used to identify suspicious activity with AWS SSL certificate. Any one or more of these will trigger a Suspicious AWS SSL Certificate Alert. Details for each rule can be viewed by clicking the More Details link in the description.
|
Title |
Description |
||||||||
|---|---|---|---|---|---|---|---|---|---|
|
Update SSL Certificate Created |
A new SSL certificate has been created in your environment. More details
Rule IDQuery{'selection1': {'eventSource': 'iam.amazonaws.com'}, 'selection2': {'eventName': 'UploadServerCertificate'}, 'condition': 'selection1 and selection2'} Log SourceStellar Cyber AWS configured. Rule SourceDeveloped internally by Stellar Cyber Tactics, Techniques, and ProceduresReferences
N/A
Additional Information
|
||||||||
|
Update SSL Certificate Deleted |
A certificate used for establishing SSL connection in your environment has been deleted. More details
Rule IDQuery{'selection1': {'eventSource': 'iam.amazonaws.com'}, 'selection2': {'eventName': 'DeleteServerCertificate'}, 'condition': 'selection1 and selection2'} Log SourceStellar Cyber AWS configured. Rule SourceDeveloped internally by Stellar Cyber Tactics, Techniques, and ProceduresReferences
N/A
Additional Information
|
