Detections
Analytics
Create Account: Cloud Account
Description
Adversaries may create a cloud account to maintain access to victim systems. With a sufficient level of access, such accounts may be used to establish secondary credentialed access that does not require persistent remote access tools to be deployed on the system
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable.cs | Cloud | Read-only | HTTPS | List of IAM Policy |
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Persistence
Technique: Create Account
Sub-Technique: Cloud Account
Platform: AWS
Products Required: Tenable.cs
Tenable Release Date: 2022 Q4