Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access

Description

Adversaries may abuse permission configurations that allow them to gain temporarily elevated access to cloud resources. Many cloud environments allow administrators to grant user or service accounts permission to request just-in-time access to roles, impersonate other accounts, pass roles onto resources and services, or otherwise gain short-term access to a set of privileges that may be distinct from their own.

Products, Sensors, and Dependencies

Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes
Tenable Identity Exposure | | Entra ID | Standard Azure AD User | API | Application permissions |

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Defense Evasion, Privilege Escalation

Platform: Entra ID

Products Required: Tenable Identity Exposure

Tenable Release Date: 2024 Q2