Valid Accounts: Cloud Accounts

Description

Adversaries may obtain and abuse credentials of a cloud account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Cloud accounts are those created and configured by an organization for use by users, remote support, services, or for administration of resources within a cloud service provider or SaaS application. In some cases, cloud accounts may be federated with a traditional identity management system, such as Windows Active Directory.

Products, Sensors, and Dependencies

Product: Tenable Identity Exposure

Dependencies:

Data source: Entra ID

Access required: Standard Azure AD User

Protocol: API

Data Collected: List of cloud users, groups, roles, etc., and their permissions

Notes:

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Defense Evasion, Persistence, Privilege Escalation, Initial Access

Technique: Valid Accounts

Sub-Technique: Cloud Accounts

Platform: Entra ID

Products Required: Tenable Identity Exposure

Tenable Release Date: 2024 Q2