Azure-Sentinel/Sample Data/Authomize_v2_CL.csv


1TenantIdSourceSystemMGManagementGroupNameTimeGenerated [UTC]ComputerRawDataslot_ID_dID_gavailability_Value_dperformance_Value_dmeasurement_Name_sduration_dwarning_Threshold_dcritical_Threshold_dIsActive_sid_screatedAt_t [UTC]updatedAt_t [UTC]entities_sapps_sCategorytactics_scompliance_stechniques_sstatus_sseverity_spolicyId_spolicy_id_spolicy_name_spolicy_templateId_sassigneeId_srecommendation_sdescription_sisResolved_burl_sType_ResourceId
2368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:31.533 AM9a97cce292dca51fa5dccc5e171543048e287ccc3/7/2023, 11:39:40.845 PM5/2/2023, 12:41:51.339 AM[ { "id": "9e4dc3efc5e619330aaf7c4196b52792ecc2ed8e", "name": "stacksets-exec-642a6aa5e9848f24ec83c92a24ae6711", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role stacksets-exec-642a6aa5e9848f24ec83c92a24ae6711 was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/9a97cce292dca51fa5dccc5e171543048e287cccAuthomize_v2_CL
3368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:31.533 AM1426a7c7715210fb2682490b858c34b26ed91d273/7/2023, 11:39:40.837 PM5/2/2023, 12:41:51.338 AM[ { "id": "b6259610c3717f183008360d1c5c44039c04249a", "name": "AuthomizeAdministrator", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role AuthomizeAdministrator was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/1426a7c7715210fb2682490b858c34b26ed91d27Authomize_v2_CL
4368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:31.533 AM6c0b7dfd3cf82a416d43d1062983f63082fbaa053/7/2023, 11:39:40.830 PM5/2/2023, 12:41:51.338 AM[ { "id": "a8e80278f7e7dfd0625134b630d86173a5176edb", "name": "OrganizationAccountAccessRole", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role OrganizationAccountAccessRole was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/6c0b7dfd3cf82a416d43d1062983f63082fbaa05Authomize_v2_CL
5368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:31.533 AM73fdb933fecfebbba4f614907d63cb9f414ac8213/7/2023, 11:39:40.823 PM5/2/2023, 12:41:51.338 AM[ { "id": "619fcf487c5bd968da7fd2033381bc1643c83b5d", "name": "AuthomizeAdministrator", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role AuthomizeAdministrator was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/73fdb933fecfebbba4f614907d63cb9f414ac821Authomize_v2_CL
6368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:31.533 AM8d8f5905e05ca18097effce4694e97a2375d42413/7/2023, 11:39:33.344 PM5/2/2023, 12:41:24.539 AM[ { "id": "22112528fefa67bd52c212cd9b0b531f95e87976", "name": "frontend_views", "object": "asset", "originId": null, "originType": "Instance" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "12.2", "13.4", "13.9", "13.10", "3.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IVS-03", "IVS-04" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "IVS-06", "AIS-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319759491723197594Privileged Machines Exposed to the Internet88391686020Validate that the resource exposed must remain so to fulfil its function. Validate the information this resource contains to prevent sensitive leaks of data. If the resource should not be accessible, block any of the networks rules from accepting public internet. Remember that a higher level resource might block other related resources from accessing the internet as well. It is possible to block a resource from the public internet by attaching a security group.EC2 Instance frontend_views in AWS is exposed to the internet. The instance has the following role assigned: ec2_s3_full_access <br/> Full Exposure Path: <br/> | Resource | Type | | -------- |-------- | | prod_na-igw | Gateway | | customer-application-lb | LoadBalancer | | frontend_views | VirtualMachine |falsehttps://msftriskyuser.authomize.com/incidents/8d8f5905e05ca18097effce4694e97a2375d4241Authomize_v2_CL
7368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:31.533 AM77eeb95c34f203d00411561ddca3a0cb3de2786d3/6/2023, 11:41:16.717 PM5/2/2023, 12:41:59.132 AM[ { "id": "03f798065de05f429ba76674a73869e8faf3a14b", "name": "storage-service-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Collection", "Discovery", "Exfiltration", "Impact" ][][]OpenHigh9172320370491723203704Refactor AWS policy based on activities in the last 60 days.88391700422Update IAM policy storage-service-policy using the Authomize recommended new policy through the AWS console or other preffered methods.The policy storage-service-policy in AWS account 291883359082 has excessive privileges that can be removed. Detection is based on activities during the last 60 days.falsehttps://msftriskyuser.authomize.com/incidents/77eeb95c34f203d00411561ddca3a0cb3de2786dAuthomize_v2_CL
8368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:31.533 AM2247ef0e15444516e7b15e8ffbfb42b7945d9e8d3/6/2023, 11:41:16.711 PM5/2/2023, 12:41:59.132 AM[ { "id": "41de248e190f9a4d796059e9833732375fa63d9e", "name": "AmazonEKS_CNI_Policy-20220503081720914900000001", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Collection", "Discovery", "Exfiltration", "Impact" ][][]OpenHigh9172320370491723203704Refactor AWS policy based on activities in the last 60 days.88391700422Update IAM policy AmazonEKS_CNI_Policy-20220503081720914900000001 using the Authomize recommended new policy through the AWS console or other preffered methods.The policy AmazonEKS_CNI_Policy-20220503081720914900000001 in AWS account 291883359082 has excessive privileges that can be removed. Detection is based on activities during the last 60 days.falsehttps://msftriskyuser.authomize.com/incidents/2247ef0e15444516e7b15e8ffbfb42b7945d9e8dAuthomize_v2_CL
9368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:31.533 AM0f2672a045bd1ae6b08986b4616579eddd36e98c3/6/2023, 11:41:16.705 PM5/2/2023, 12:41:59.132 AM[ { "id": "9c7bb3c5f84fdb3235411e2ba66cd30853655665", "name": "AmazonEKS_EBS_CSI_Policy-20220510234308019800000002", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Collection", "Discovery", "Exfiltration", "Impact" ][][]OpenHigh9172320370491723203704Refactor AWS policy based on activities in the last 60 days.88391700422Update IAM policy AmazonEKS_EBS_CSI_Policy-20220510234308019800000002 using the Authomize recommended new policy through the AWS console or other preffered methods.The policy AmazonEKS_EBS_CSI_Policy-20220510234308019800000002 in AWS account 291883359082 has excessive privileges that can be removed. Detection is based on activities during the last 60 days.falsehttps://msftriskyuser.authomize.com/incidents/0f2672a045bd1ae6b08986b4616579eddd36e98cAuthomize_v2_CL
10368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:31.533 AM727a2bfa2e5cfbf365ffc57d87b0b7a762c811bb3/6/2023, 11:40:39.657 PM5/2/2023, 12:41:21.559 AM[ { "id": "bb786de8906e3dfad445d7d07466796ebb50eb1b", "name": "privesc15-PassExistingRoleToNewLambdaThenInvoke", "object": "asset", "originId": null, "originType": "PolicyResource" }, { "id": "af3fcb9bc7cf55a9e94e1e6000a2ad56e76c5984", "name": "privesc15-PassExistingRoleToNewLambdaThenInvoke-role", "object": "identity", "email": null }, { "id": "f50d5abbb3ab5d07ea0fb91a38f5480808240c00", "name": "privesc15-PassExistingRoleToNewLambdaThenInvoke-role", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319673191723196731Stale IAAS policy attachment to role88391681312Unused policies should be detached from privesc15-PassExistingRoleToNewLambdaThenInvoke-roleprivesc15-PassExistingRoleToNewLambdaThenInvoke-role hasn't used the Policy privesc15-PassExistingRoleToNewLambdaThenInvoke during the past 30 days.falsehttps://msftriskyuser.authomize.com/incidents/727a2bfa2e5cfbf365ffc57d87b0b7a762c811bbAuthomize_v2_CL
11368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:31.533 AM3bf6bd0b9b8df0b9d77aa60a8d4bc693251b903b3/6/2023, 11:40:39.651 PM5/2/2023, 12:41:21.559 AM[ { "id": "289913f8294a9a91eea3c09925c324e2634c6e04", "name": "privesc1-CreateNewPolicyVersion", "object": "asset", "originId": null, "originType": "PolicyResource" }, { "id": "f7a97b83c333f46af3b8b0ae91edc1de7ec96f7e", "name": "privesc1-CreateNewPolicyVersion-role", "object": "identity", "email": null }, { "id": "b494fd2e5c32528f6f7868d28ce0bddb813efdc7", "name": "privesc1-CreateNewPolicyVersion-role", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319673191723196731Stale IAAS policy attachment to role88391681312Unused policies should be detached from privesc1-CreateNewPolicyVersion-roleprivesc1-CreateNewPolicyVersion-role hasn't used the Policy privesc1-CreateNewPolicyVersion during the past 30 days.falsehttps://msftriskyuser.authomize.com/incidents/3bf6bd0b9b8df0b9d77aa60a8d4bc693251b903bAuthomize_v2_CL
12368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:26.361 AMc487290642375789a5df8a3d4fbabe664b60d4043/10/2023, 11:37:05.723 AM5/2/2023, 12:33:06.159 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "04cc89d889cbc797eb94d65587b40f98981fb06e", "name": "role/allow-ec2-connection-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/allow-ec2-connection-role:trustpolicy on AWS. Access was gained through allow-ec2-connection-rolefalsehttps://msftriskyuser.authomize.com/incidents/c487290642375789a5df8a3d4fbabe664b60d404Authomize_v2_CL
13368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:26.361 AMcea1186d41e84dea93f7f2a003a10abaad77f02f3/10/2023, 11:37:05.717 AM5/2/2023, 12:33:06.162 AM[ { "id": "04d5be4fda16548fdc0b0c7a20701cc4a108a769", "name": "AuthomizeCustomerRoleAssumer", "object": "identity", "email": null }, { "id": "bdf06bbed962f1bf92a92d1419664c3632656ab5", "name": "AuthomizeLocalRole", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principleAuthomizeCustomerRoleAssumer gained access to Resource_EntitlementProxy AuthomizeLocalRole on AWS.falsehttps://msftriskyuser.authomize.com/incidents/cea1186d41e84dea93f7f2a003a10abaad77f02fAuthomize_v2_CL
14368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:26.361 AMeed14883d2ace1675c54430b99c563479854b0493/10/2023, 11:37:05.710 AM5/2/2023, 12:33:06.161 AM[ { "id": "04d5be4fda16548fdc0b0c7a20701cc4a108a769", "name": "AuthomizeCustomerRoleAssumer", "object": "identity", "email": null }, { "id": "05d18c21b10725df5f8de9008aaa974efa5a41b8", "name": "role/authomizelocalrole:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principleAuthomizeCustomerRoleAssumer gained access to Policy role/authomizelocalrole:trustpolicy on AWS. Access was gained through AuthomizeLocalRolefalsehttps://msftriskyuser.authomize.com/incidents/eed14883d2ace1675c54430b99c563479854b049Authomize_v2_CL
15368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:26.361 AMb6b9e32e4a4f5116e8ae9a9b0f2545db37c5d5f63/9/2023, 11:37:10.061 PM5/2/2023, 12:37:26.310 AM[ { "id": "b31468ef8439325f547f1ba60f59702a87e04b90", "name": "AWSAuditAccountAdmins", "object": "identity", "email": null }, { "id": "89e09c06da0cdd5f0ff36b3fdf56419f07943824", "name": "AWSAuditAccountAdmins", "object": "account", "originId": null } ][ { "id": "35a7fa81a6ad1067e8e7225fa82c8e25aa8782e7", "name": "AWS IAM Identity Center" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group AWSAuditAccountAdmins has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/b6b9e32e4a4f5116e8ae9a9b0f2545db37c5d5f6Authomize_v2_CL
16368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:26.361 AMe281f539092722c226a543ca5218b8f71f7d17443/9/2023, 11:37:10.056 PM5/2/2023, 12:37:26.311 AM[ { "id": "7bf906277b6d511b9a8ad5b204fd3fe0697a0653", "name": "AWSSecurityAuditors", "object": "identity", "email": null }, { "id": "8759c05a5b536120070be0d67b9e5e34f9b01b1a", "name": "AWSSecurityAuditors", "object": "account", "originId": null } ][ { "id": "35a7fa81a6ad1067e8e7225fa82c8e25aa8782e7", "name": "AWS IAM Identity Center" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group AWSSecurityAuditors has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/e281f539092722c226a543ca5218b8f71f7d1744Authomize_v2_CL
17368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:26.361 AM88c0d50f0162b06762296ce4b4dd9215115cb2af3/9/2023, 11:37:10.051 PM5/2/2023, 12:37:26.309 AM[ { "id": "9d986c78d42b834dca44b0837f14857177c96a05", "name": "AWSServiceCatalogAdmins", "object": "identity", "email": null }, { "id": "89d06a61b06b5cb4dd691c85087184b744d2b5dc", "name": "AWSServiceCatalogAdmins", "object": "account", "originId": null } ][ { "id": "35a7fa81a6ad1067e8e7225fa82c8e25aa8782e7", "name": "AWS IAM Identity Center" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group AWSServiceCatalogAdmins has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/88c0d50f0162b06762296ce4b4dd9215115cb2afAuthomize_v2_CL
18368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:26.361 AM3b0a6fe6d09345067098d281ba4d5099fa096ee33/9/2023, 11:37:10.047 PM5/2/2023, 12:37:26.309 AM[ { "id": "b593a5046988c58020ee3a5ce7bd436d126d5c9c", "name": "AWSLogArchiveViewers", "object": "identity", "email": null }, { "id": "932fcbbc44a59748bafc5f667ce96e838f112290", "name": "AWSLogArchiveViewers", "object": "account", "originId": null } ][ { "id": "35a7fa81a6ad1067e8e7225fa82c8e25aa8782e7", "name": "AWS IAM Identity Center" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group AWSLogArchiveViewers has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/3b0a6fe6d09345067098d281ba4d5099fa096ee3Authomize_v2_CL
19368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:26.361 AM5c5611e49cb1f2e5ebc2f054161a0ae26e822e313/9/2023, 11:37:10.042 PM5/2/2023, 12:37:26.311 AM[ { "id": "1734f2bc90fbd7cfd4edc29ee9318777672f84f8", "name": "test_group", "object": "identity", "email": null }, { "id": "41e01e5835760fb42eb4c9838acfcc7e1e23ab3d", "name": "test_group", "object": "account", "originId": null } ][ { "id": "35a7fa81a6ad1067e8e7225fa82c8e25aa8782e7", "name": "AWS IAM Identity Center" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group test_group has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/5c5611e49cb1f2e5ebc2f054161a0ae26e822e31Authomize_v2_CL
20368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:26.361 AM556113dce2a1a71b3afd75f510f32746f078870d3/9/2023, 11:37:10.037 PM5/2/2023, 12:37:26.309 AM[ { "id": "cb62f23d1475f052aeaf29fb43a06ef91e6403a8", "name": "AWSSecurityAuditPowerUsers", "object": "identity", "email": null }, { "id": "d45a169b805faf4c3d259831265a8f00d25abc29", "name": "AWSSecurityAuditPowerUsers", "object": "account", "originId": null } ][ { "id": "35a7fa81a6ad1067e8e7225fa82c8e25aa8782e7", "name": "AWS IAM Identity Center" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group AWSSecurityAuditPowerUsers has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/556113dce2a1a71b3afd75f510f32746f078870dAuthomize_v2_CL
21368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:26.361 AMf3636a06ff83731756d71651f14b7ab0426061063/9/2023, 11:37:10.032 PM5/2/2023, 12:37:26.308 AM[ { "id": "28e2c566379447d14c7d2ca6eb64dab1f4a47f3d", "name": "AWSLogArchiveAdmins", "object": "identity", "email": null }, { "id": "48e55ab62e6815ebbb91eddfdb54c5ca5784fec9", "name": "AWSLogArchiveAdmins", "object": "account", "originId": null } ][ { "id": "35a7fa81a6ad1067e8e7225fa82c8e25aa8782e7", "name": "AWS IAM Identity Center" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group AWSLogArchiveAdmins has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/f3636a06ff83731756d71651f14b7ab042606106Authomize_v2_CL
22368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:42.170 AM58691a287dc0e76ef5b6357abd025dbf258760013/6/2023, 11:40:18.941 PM5/2/2023, 12:41:13.705 AM[ { "id": "cba1878c0d07a5530b835a9198cd67dd3ab99502", "name": "AuthomizeMasterAccountUser", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user AuthomizeMasterAccountUser was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/58691a287dc0e76ef5b6357abd025dbf25876001Authomize_v2_CL
23368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:42.170 AMea3dd9ff719dbfafc0bbab28fd9d890e1134e12c3/6/2023, 11:37:11.549 PM5/2/2023, 12:33:58.913 AM[ { "id": "bf2be9d8713021d095f0f043f73a9234ca5ed1cc", "name": "manage-policies", "object": "identity", "email": null }, { "id": "289913f8294a9a91eea3c09925c324e2634c6e04", "name": "privesc1-CreateNewPolicyVersion", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Credential Access", "Privilege Escalation" ][ { "values": [ "5.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.8.1.1", "A.9.4.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Trusted Relationship", "Steal Application Access Token", "Valid Accounts" ]OpenHigh7470532931674705329316IaaS shadow admin detected74701855785Shadow admins have sensitive privileges and can perform risky actions, review the accounts. Make sure any privileged IaaS entity follows the least privileged principle.manage-policies has been granted shadow-admin privileges in AWS. The privileges were granted via the access policy <strong>privesc1-CreateNewPolicyVersion</strong> of type Policy directly.<br/> By assigning manage-policies to the privesc1-CreateNewPolicyVersion access policy, they have gained the following privileges: iam:createpolicyversion.falsehttps://msftriskyuser.authomize.com/incidents/ea3dd9ff719dbfafc0bbab28fd9d890e1134e12cAuthomize_v2_CL
24368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:42.170 AM536a3f646f56a67dcb154919979ac74393316d623/6/2023, 11:36:57.503 PM5/2/2023, 12:35:06.715 AM[ { "id": "b21f017e7fdd4b5079fd2d43dd37ef34b6b8c48b", "name": "kim rice@acme com", "object": "identity", "email": null }, { "id": "04c8b99fc389ce9a429a970f5adb9df182199431", "name": "iam_admin", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Credential Access" ][ { "values": [ "5.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.8.1.1", "A.9.4.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Trusted Relationship", "Steal Application Access Token" ]OpenHigh7470532664374705326643IaaS admin detected74701855663Validate any new admins. Make sure any new admins follows the least privileged principle.kim rice@acme com has been granted admin privileges in AWS. The privileges were granted via the access policy <strong>iam_admin</strong> of type Policy directly.<br/> By assigning kim rice@acme com to the iam_admin access policy, they have gained the following privileges: iam:*.falsehttps://msftriskyuser.authomize.com/incidents/536a3f646f56a67dcb154919979ac74393316d62Authomize_v2_CL
25368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:42.170 AMb77095dfa5709257057a0398ed13d0d81d04cb573/6/2023, 11:36:57.492 PM5/2/2023, 12:35:06.714 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "1371445936f25baa04e2f6c728bf7caf311d5ed2", "name": "AdministratorAccess", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Credential Access" ][ { "values": [ "5.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.8.1.1", "A.9.4.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Trusted Relationship", "Steal Application Access Token" ]OpenHigh7470532664374705326643IaaS admin detected74701855663Validate any new admins. Make sure any new admins follows the least privileged principle.cli user has been granted admin privileges in AWS. The privileges were granted via the access policy <strong>AdministratorAccess</strong> of type Policy directly.<br/> By assigning cli user to the AdministratorAccess access policy, they have gained the following privileges: *:*.falsehttps://msftriskyuser.authomize.com/incidents/b77095dfa5709257057a0398ed13d0d81d04cb57Authomize_v2_CL
26368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:42.170 AMedc84764dd9f5c3066cdba0d9b355258c17665293/6/2023, 11:36:57.481 PM5/2/2023, 12:35:06.714 AM[ { "id": "6147e2cb17bb389c1d97e274e0e844d1a30f3763", "name": "rnd-management", "object": "identity", "email": null }, { "id": "844a59bcacd070e3e47759024aca96b5d6f05353", "name": "site-reliability-engineering", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Credential Access" ][ { "values": [ "5.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.8.1.1", "A.9.4.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Trusted Relationship", "Steal Application Access Token" ]OpenHigh7470532664374705326643IaaS admin detected74701855663Validate any new admins. Make sure any new admins follows the least privileged principle.rnd-management has been granted admin privileges in AWS. The privileges were granted via the access policy <strong>site-reliability-engineering</strong> of type Policy via the group privesc-sre-group.<br/> By assigning rnd-management to the site-reliability-engineering access policy, they have gained the following privileges: iam:*.falsehttps://msftriskyuser.authomize.com/incidents/edc84764dd9f5c3066cdba0d9b355258c1766529Authomize_v2_CL
27368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:42.170 AMff6c9dd447bb13860de357bc3ed2c4e60387291b3/6/2023, 11:36:57.461 PM5/2/2023, 12:35:06.714 AM[ { "id": "0dc77cd79ca8e4a97c12db8241463a9615d8f7f6", "name": "devop-admin", "object": "identity", "email": null }, { "id": "c7a0ad09d8e61ea968d3562c459965a4f147adef", "name": "admin-priv", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Credential Access" ][ { "values": [ "5.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.8.1.1", "A.9.4.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Trusted Relationship", "Steal Application Access Token" ]OpenHigh7470532664374705326643IaaS admin detected74701855663Validate any new admins. Make sure any new admins follows the least privileged principle.devop-admin has been granted admin privileges in AWS. The privileges were granted via the access policy <strong>admin-priv</strong> of type Policy directly.<br/> By assigning devop-admin to the admin-priv access policy, they have gained the following privileges: *:*.falsehttps://msftriskyuser.authomize.com/incidents/ff6c9dd447bb13860de357bc3ed2c4e60387291bAuthomize_v2_CL
28368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:42.170 AM2b23860827c9a408068a0ebac58c42bbd6181d593/6/2023, 11:36:42.395 PM5/2/2023, 12:34:25.596 AM[ { "id": "2cee0622e84e4f94a1f24fc77499544568f77d30", "name": "lambda-func-support", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.lambda-func-support's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/2b23860827c9a408068a0ebac58c42bbd6181d59Authomize_v2_CL
29368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:42.170 AMa8dfe3c0cc3fd400bb1c3eea6ad130226b5445bd3/6/2023, 11:36:42.383 PM5/2/2023, 12:34:25.593 AM[ { "id": "362210a1b7ac1cb5264d9cb2cb83ff387f541d74", "name": "Root user", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.Root user's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/a8dfe3c0cc3fd400bb1c3eea6ad130226b5445bdAuthomize_v2_CL
30368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:42.170 AMbc2052ab4b0ebf99bb193502d59defd3b5902fee3/6/2023, 11:36:42.368 PM5/2/2023, 12:34:25.594 AM[ { "id": "bf2be9d8713021d095f0f043f73a9234ca5ed1cc", "name": "manage-policies", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.manage-policies's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/bc2052ab4b0ebf99bb193502d59defd3b5902feeAuthomize_v2_CL
31368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:42.170 AMad986aa44e7be41c7e71f00b3d2d16a9bdb7dbb23/6/2023, 11:36:42.357 PM5/2/2023, 12:34:25.594 AM[ { "id": "b21f017e7fdd4b5079fd2d43dd37ef34b6b8c48b", "name": "kim rice@acme com", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.kim rice@acme com's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/ad986aa44e7be41c7e71f00b3d2d16a9bdb7dbb2Authomize_v2_CL
32368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:12.377 AMa5ce593ce7564b4750d6dbb4c8cb02ce3e806d754/27/2023, 3:03:12.058 AM5/2/2023, 12:41:21.560 AM[ { "id": "9c7bb3c5f84fdb3235411e2ba66cd30853655665", "name": "AmazonEKS_EBS_CSI_Policy-20220510234308019800000002", "object": "asset", "originId": null, "originType": "PolicyResource" }, { "id": "9c99335efc340fcc9b4825ebc7ce25b40806478e", "name": "ebs-csi20220510234308018400000001", "object": "identity", "email": null }, { "id": "823dc1c5ace371b8435718494e1e11533979b15b", "name": "ebs-csi20220510234308018400000001", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319673191723196731Stale IAAS policy attachment to role88391681312Unused policies should be detached from ebs-csi20220510234308018400000001ebs-csi20220510234308018400000001 hasn't used the Policy AmazonEKS_EBS_CSI_Policy-20220510234308019800000002 during the past 30 days.falsehttps://msftriskyuser.authomize.com/incidents/a5ce593ce7564b4750d6dbb4c8cb02ce3e806d75Authomize_v2_CL
33368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:12.377 AM4004c78d2b6c44f32ef6917186972c9d703f32994/27/2023, 3:03:04.569 AM5/2/2023, 12:41:18.458 AM[ { "id": "9c7bb3c5f84fdb3235411e2ba66cd30853655665", "name": "AmazonEKS_EBS_CSI_Policy-20220510234308019800000002", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 291883359082, or the way you manage user assignment to rolesRemove the policy AmazonEKS_EBS_CSI_Policy-20220510234308019800000002 completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy AmazonEKS_EBS_CSI_Policy-20220510234308019800000002 haven't been used during the last 30 days in account 291883359082, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/4004c78d2b6c44f32ef6917186972c9d703f3299Authomize_v2_CL
34368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:12.377 AM1050847700814/26/2023, 12:06:31.027 PM5/2/2023, 12:41:59.174 AM[ { "id": "db72c19c40a4c44a25d56824e4490b2e40a71f7d", "name": "empty_role_allow_assume", "object": "identity", "email": null }, { "id": "319d63d56065543badcc8a611ec8c435caa373b0", "name": "Okta__ec2_lambda_s3_full", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172320262891723202628Chain of 3 or more roles88391698510Check with the account manager if there is an need for this role assuming access. If it is not needed, update the trust policy. If an operational need exists, break the chain and assign the role directly for increased security.falsehttps://msftriskyuser.authomize.com/incidents/105084770081Authomize_v2_CL
35368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:12.377 AM2915922100d3d480e1dd8d95bcb2492af2017d6c4/23/2023, 12:03:44.946 PM5/2/2023, 12:41:53.859 AM[ { "id": "d37b4b59e47d71f6f11326b45bc848791c6f75bc", "name": "Root user", "object": "identity", "email": null }, { "id": "b8e0bbe3f7f97a34821108a6b1d2f2cba6ad5607", "name": "OrganizationAccountAccessRole", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172320179291723201792Unused federated access to a specific AWS role88391698088Revoke all unused access to your infrastructure. Grant access to IaaS resources on a must have basis. Revoke the user's ability to assume the role in AWS.Root user has not assumed the role OrganizationAccountAccessRole in AWS account 291883359082 during the last 60 days.falsehttps://msftriskyuser.authomize.com/incidents/2915922100d3d480e1dd8d95bcb2492af2017d6cAuthomize_v2_CL
36368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:12.377 AMc6bb0e6e0a9d8c7456c9f8bfc3976fb6a77c620c4/23/2023, 12:03:44.940 PM5/2/2023, 12:41:53.860 AM[ { "id": "d37b4b59e47d71f6f11326b45bc848791c6f75bc", "name": "Root user", "object": "identity", "email": null }, { "id": "a80fdf41855aaa5aaf374a5c816f3fc33357a600", "name": "AWSControlTowerExecution", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172320179291723201792Unused federated access to a specific AWS role88391698088Revoke all unused access to your infrastructure. Grant access to IaaS resources on a must have basis. Revoke the user's ability to assume the role in AWS.Root user has not assumed the role AWSControlTowerExecution in AWS account 291883359082 during the last 60 days.falsehttps://msftriskyuser.authomize.com/incidents/c6bb0e6e0a9d8c7456c9f8bfc3976fb6a77c620cAuthomize_v2_CL
37368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:12.377 AMb1bf34e56642cd649d2dc0b762560df03f998d454/23/2023, 12:03:44.935 PM5/2/2023, 12:41:53.860 AM[ { "id": "d37b4b59e47d71f6f11326b45bc848791c6f75bc", "name": "Root user", "object": "identity", "email": null }, { "id": "a8e80278f7e7dfd0625134b630d86173a5176edb", "name": "OrganizationAccountAccessRole", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172320179291723201792Unused federated access to a specific AWS role88391698088Revoke all unused access to your infrastructure. Grant access to IaaS resources on a must have basis. Revoke the user's ability to assume the role in AWS.Root user has not assumed the role OrganizationAccountAccessRole in AWS account 071186405907 during the last 60 days.falsehttps://msftriskyuser.authomize.com/incidents/b1bf34e56642cd649d2dc0b762560df03f998d45Authomize_v2_CL
38368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:12.377 AMa92832a8e14e2b2bc269464364a45ddce72290064/23/2023, 12:03:44.930 PM5/2/2023, 12:41:53.860 AM[ { "id": "04d5be4fda16548fdc0b0c7a20701cc4a108a769", "name": "AuthomizeCustomerRoleAssumer", "object": "identity", "email": null }, { "id": "63abe4095886e94aad8ceb1beb1c9a7d52f144cd", "name": "AuthomizeLocalRole", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172320179291723201792Unused federated access to a specific AWS role88391698088Revoke all unused access to your infrastructure. Grant access to IaaS resources on a must have basis. Revoke the user's ability to assume the role in AWS.AuthomizeCustomerRoleAssumer has not assumed the role AuthomizeLocalRole in AWS account 071186405907 during the last 60 days.falsehttps://msftriskyuser.authomize.com/incidents/a92832a8e14e2b2bc269464364a45ddce7229006Authomize_v2_CL
39368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:12.377 AM16d35a816d3c38d9d106f1bfe47ab56fa0208c684/23/2023, 12:03:44.925 PM5/2/2023, 12:41:53.860 AM[ { "id": "04d5be4fda16548fdc0b0c7a20701cc4a108a769", "name": "AuthomizeCustomerRoleAssumer", "object": "identity", "email": null }, { "id": "18132c0ae670087a4aa444eede8c14c6c7e84fcc", "name": "AuthomizeLocalRole", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172320179291723201792Unused federated access to a specific AWS role88391698088Revoke all unused access to your infrastructure. Grant access to IaaS resources on a must have basis. Revoke the user's ability to assume the role in AWS.AuthomizeCustomerRoleAssumer has not assumed the role AuthomizeLocalRole in AWS account 234690524301 during the last 60 days.falsehttps://msftriskyuser.authomize.com/incidents/16d35a816d3c38d9d106f1bfe47ab56fa0208c68Authomize_v2_CL
40368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:12.377 AMecc6f72af4854301dbaaf10e3fe941d537e88f284/23/2023, 12:03:44.919 PM5/2/2023, 12:41:53.860 AM[ { "id": "04d5be4fda16548fdc0b0c7a20701cc4a108a769", "name": "AuthomizeCustomerRoleAssumer", "object": "identity", "email": null }, { "id": "0464102564b78461f4d2d5acdab0bca37a9920dc", "name": "AuthomizeCrossAccountTrustRole", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172320179291723201792Unused federated access to a specific AWS role88391698088Revoke all unused access to your infrastructure. Grant access to IaaS resources on a must have basis. Revoke the user's ability to assume the role in AWS.AuthomizeCustomerRoleAssumer has not assumed the role AuthomizeCrossAccountTrustRole in AWS account 234690524301 during the last 60 days.falsehttps://msftriskyuser.authomize.com/incidents/ecc6f72af4854301dbaaf10e3fe941d537e88f28Authomize_v2_CL
41368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:12.377 AM16f845466d0ec27868a933bf408d703fd43b01a94/11/2023, 11:39:38.548 PM5/2/2023, 12:34:17.129 AM[ { "id": "2cee0622e84e4f94a1f24fc77499544568f77d30", "name": "lambda-func-support", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.lambda-func-support's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/16f845466d0ec27868a933bf408d703fd43b01a9Authomize_v2_CL
42368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:13.488 AM0ce0c9ac3b2f1a58f303e62ef98da8edb194d9274/11/2023, 11:39:38.538 PM5/2/2023, 12:34:17.128 AM[ { "id": "362210a1b7ac1cb5264d9cb2cb83ff387f541d74", "name": "Root user", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.Root user's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/0ce0c9ac3b2f1a58f303e62ef98da8edb194d927Authomize_v2_CL
43368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:13.488 AM2feadbe901a9f8a0bc579e9816af5e369e7d2d1e4/11/2023, 11:39:38.529 PM5/2/2023, 12:34:17.128 AM[ { "id": "bf2be9d8713021d095f0f043f73a9234ca5ed1cc", "name": "manage-policies", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.manage-policies's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/2feadbe901a9f8a0bc579e9816af5e369e7d2d1eAuthomize_v2_CL
44368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:13.488 AM09ab0bfbad6d191b942c1b8f19aa4ef6349453a34/11/2023, 11:39:38.522 PM5/2/2023, 12:34:17.128 AM[ { "id": "b21f017e7fdd4b5079fd2d43dd37ef34b6b8c48b", "name": "kim rice@acme com", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.kim rice@acme com's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/09ab0bfbad6d191b942c1b8f19aa4ef6349453a3Authomize_v2_CL
45368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:13.488 AM3860b36bf30534ccec5f5ea59c25400cfc25c74a4/11/2023, 11:39:38.513 PM5/2/2023, 12:34:17.128 AM[ { "id": "9cc92bab3b013e0b94caf1e21ec49f1dde3cf0d6", "name": "rnd-instance-managment", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.rnd-instance-managment's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/3860b36bf30534ccec5f5ea59c25400cfc25c74aAuthomize_v2_CL
46368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:13.488 AM66af620951eedce503527ed18ce7508f060407b34/11/2023, 11:39:38.504 PM5/2/2023, 12:34:17.129 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.cli user's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/66af620951eedce503527ed18ce7508f060407b3Authomize_v2_CL
47368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:13.488 AM78bb4135e03d1d468eb455ada05c038b0845cf6c4/11/2023, 11:39:38.492 PM5/2/2023, 12:34:17.129 AM[ { "id": "04d5be4fda16548fdc0b0c7a20701cc4a108a769", "name": "AuthomizeCustomerRoleAssumer", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.AuthomizeCustomerRoleAssumer's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/78bb4135e03d1d468eb455ada05c038b0845cf6cAuthomize_v2_CL
48368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:13.488 AM18115ae731a5340a864dac0096909b818980bf3e4/11/2023, 11:39:38.483 PM5/2/2023, 12:34:17.129 AM[ { "id": "6147e2cb17bb389c1d97e274e0e844d1a30f3763", "name": "rnd-management", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.rnd-management's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/18115ae731a5340a864dac0096909b818980bf3eAuthomize_v2_CL
49368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:13.488 AM796070fe32962e521ef51da816cc54a18b630f634/11/2023, 11:39:38.474 PM5/2/2023, 12:34:17.128 AM[ { "id": "0dc77cd79ca8e4a97c12db8241463a9615d8f7f6", "name": "devop-admin", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.devop-admin's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/796070fe32962e521ef51da816cc54a18b630f63Authomize_v2_CL
50368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:13.488 AM2b36cc9eeaaf57c4214aab548dd9bbc46215528b4/11/2023, 11:39:38.465 PM5/2/2023, 12:34:17.127 AM[ { "id": "cba1878c0d07a5530b835a9198cd67dd3ab99502", "name": "AuthomizeMasterAccountUser", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.AuthomizeMasterAccountUser's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/2b36cc9eeaaf57c4214aab548dd9bbc46215528bAuthomize_v2_CL
51368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:13.488 AMa8d7cf9b45930d496696359e8d59d8dc498b37634/11/2023, 11:39:38.457 PM5/2/2023, 12:34:17.130 AM[ { "id": "ef1aaecb0869343318c6e4af3e9bfe0326a68d9c", "name": "phillip carpenter@acme com", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.phillip carpenter@acme com's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/a8d7cf9b45930d496696359e8d59d8dc498b3763Authomize_v2_CL
52368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:15.113 AM0ab6bf96deafe2f1fb2bbd3be22b6cf5b9690d344/11/2023, 11:39:38.450 PM5/2/2023, 12:34:17.127 AM[ { "id": "95fb6c89a1dcd4d27797905a128aee1cef508898", "name": "role chaining user", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.role chaining user's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/0ab6bf96deafe2f1fb2bbd3be22b6cf5b9690d34Authomize_v2_CL
53368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:15.113 AM31b1a176170005ef718f9b52e2a2ce5fd044e8604/11/2023, 11:39:38.442 PM5/2/2023, 12:34:17.130 AM[ { "id": "725737663b035a749c31dd80746bf014d1847f00", "name": "OktaSSOuser", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ][][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh101379015902101379015902Access to IaaS without MFA98691894310Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.OktaSSOuser's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/31b1a176170005ef718f9b52e2a2ce5fd044e860Authomize_v2_CL
54368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:15.113 AM0367c367cc34aa7e5bc162f6f4dd37f369e0ca453/10/2023, 11:37:13.254 AM5/2/2023, 12:37:17.530 AM[ { "id": "fd86c5571db19e742cb7add8d343d71b44a89926", "name": "frontend_test_instance", "object": "identity", "email": null }, { "id": "c77b58f3f69cf570e1fee1382bc98e0485ece2f2", "name": "role/ec2_lambda_access:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534350074705343500New service account gained access to IaaS resource74701856303Keep access to sensitive resources using least privilege principlefrontend_test_instance gained access to Policy role/ec2_lambda_access:trustpolicy on AWS. Access was gained through ec2_lambda_accessfalsehttps://msftriskyuser.authomize.com/incidents/0367c367cc34aa7e5bc162f6f4dd37f369e0ca45Authomize_v2_CL
55368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:15.113 AM0dbb71620d5a0a22f48f285dd829be164863823d3/10/2023, 11:37:13.249 AM5/2/2023, 12:37:17.529 AM[ { "id": "fd86c5571db19e742cb7add8d343d71b44a89926", "name": "frontend_test_instance", "object": "identity", "email": null }, { "id": "462e65ee4d96e06ac007384c63b4073edfc537eb", "name": "ec2_lambda_access", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534350074705343500New service account gained access to IaaS resource74701856303Keep access to sensitive resources using least privilege principlefrontend_test_instance gained access to Resource_EntitlementProxy ec2_lambda_access on AWS.falsehttps://msftriskyuser.authomize.com/incidents/0dbb71620d5a0a22f48f285dd829be164863823dAuthomize_v2_CL
56368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:15.113 AMec309607df140c143a75df673f1be2249d7a883f3/10/2023, 11:37:13.244 AM5/2/2023, 12:37:17.530 AM[ { "id": "5df981ccd3044d6cb56ebac473f91d5f97a180a5", "name": "frontend_views", "object": "identity", "email": null }, { "id": "e3198207a5cc29c1ec3d7edbe30f608e14926922", "name": "ec2_s3_full_access", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534350074705343500New service account gained access to IaaS resource74701856303Keep access to sensitive resources using least privilege principlefrontend_views gained access to Resource_EntitlementProxy ec2_s3_full_access on AWS.falsehttps://msftriskyuser.authomize.com/incidents/ec309607df140c143a75df673f1be2249d7a883fAuthomize_v2_CL
57368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:15.113 AMe7b7b8800efef7c2ef1120b1f756ef87e4ceb4a63/10/2023, 11:37:13.238 AM5/2/2023, 12:37:17.530 AM[ { "id": "5df981ccd3044d6cb56ebac473f91d5f97a180a5", "name": "frontend_views", "object": "identity", "email": null }, { "id": "0a3d67239fd24a7aadbc2202ded521bba72deabe", "name": "role/ec2_s3_full_access:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534350074705343500New service account gained access to IaaS resource74701856303Keep access to sensitive resources using least privilege principlefrontend_views gained access to Policy role/ec2_s3_full_access:trustpolicy on AWS. Access was gained through ec2_s3_full_accessfalsehttps://msftriskyuser.authomize.com/incidents/e7b7b8800efef7c2ef1120b1f756ef87e4ceb4a6Authomize_v2_CL
58368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:15.113 AM217cb5d016e95d6010d3e462cbe056f6b7d5066e3/10/2023, 11:37:06.079 AM5/2/2023, 12:33:06.155 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "f50d5abbb3ab5d07ea0fb91a38f5480808240c00", "name": "privesc15-PassExistingRoleToNewLambdaThenInvoke-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc15-PassExistingRoleToNewLambdaThenInvoke-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/217cb5d016e95d6010d3e462cbe056f6b7d5066eAuthomize_v2_CL
59368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:15.113 AMe842897a7776e8a56b842bdedb65bee149f8f70b3/10/2023, 11:37:06.075 AM5/2/2023, 12:33:06.156 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "ee2e94100b8ecc36a2dc5949d97e409819443637", "name": "role/privesc15-passexistingroletonewlambdatheninvoke-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc15-passexistingroletonewlambdatheninvoke-role:trustpolicy on AWS. Access was gained through privesc15-PassExistingRoleToNewLambdaThenInvoke-rolefalsehttps://msftriskyuser.authomize.com/incidents/e842897a7776e8a56b842bdedb65bee149f8f70bAuthomize_v2_CL
60368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:15.113 AMf2c1d74adc75e3c31e5789af530619e1462feb343/10/2023, 11:37:06.070 AM5/2/2023, 12:33:06.157 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "fb233209f505dd3fc176b68219878f1cd6cf0b6b", "name": "role/privesc-sagemakercreatenotebookpassrole-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc-sagemakercreatenotebookpassrole-role:trustpolicy on AWS. Access was gained through privesc-sageMakerCreateNotebookPassRole-rolefalsehttps://msftriskyuser.authomize.com/incidents/f2c1d74adc75e3c31e5789af530619e1462feb34Authomize_v2_CL
61368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:15.113 AMcbdfcb23ce65bb273f4e93b00377cc144936f1003/10/2023, 11:37:06.065 AM5/2/2023, 12:33:06.159 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "dbc2311d045329b3fea9cbeabd9de2cfbfa4bc78", "name": "privesc-sageMakerCreateNotebookPassRole-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc-sageMakerCreateNotebookPassRole-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/cbdfcb23ce65bb273f4e93b00377cc144936f100Authomize_v2_CL
62368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:16.707 AM150662ecc677be09e3cb64c64ffae37cf6e8545a3/10/2023, 11:37:06.060 AM5/2/2023, 12:33:06.155 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "e0a2e0a1f6a4b2bb06988c32a80e19cc68913c25", "name": "role/privesc14-updatingassumerolepolicy-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc14-updatingassumerolepolicy-role:trustpolicy on AWS. Access was gained through privesc14-UpdatingAssumeRolePolicy-rolefalsehttps://msftriskyuser.authomize.com/incidents/150662ecc677be09e3cb64c64ffae37cf6e8545aAuthomize_v2_CL
63368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:16.707 AMdbda66377c5fa6a570bfcde2a190510c6185c5733/10/2023, 11:37:06.056 AM5/2/2023, 12:33:06.157 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "d9377f102c8508a677e8b567289e157996079155", "name": "privesc14-UpdatingAssumeRolePolicy-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc14-UpdatingAssumeRolePolicy-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/dbda66377c5fa6a570bfcde2a190510c6185c573Authomize_v2_CL
64368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:16.707 AM2c2d625a80346db442996238901ea8657ac8edd63/10/2023, 11:37:06.051 AM5/2/2023, 12:33:06.156 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "d8fc87b126080ec8a2ce699023d029345acfcec9", "name": "privesc12-PutRolePolicy-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc12-PutRolePolicy-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/2c2d625a80346db442996238901ea8657ac8edd6Authomize_v2_CL
65368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:16.707 AMb41cf4d8d3784f8bc3b265204666e1955aca6fbb3/10/2023, 11:37:06.046 AM5/2/2023, 12:33:06.160 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "5c4ceaf1629f09e7b9d240e138d5a902f068577a", "name": "role/privesc12-putrolepolicy-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc12-putrolepolicy-role:trustpolicy on AWS. Access was gained through privesc12-PutRolePolicy-rolefalsehttps://msftriskyuser.authomize.com/incidents/b41cf4d8d3784f8bc3b265204666e1955aca6fbbAuthomize_v2_CL
66368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:16.707 AM59b41d4266ab04283825274ca99d9494ea3dd73c3/10/2023, 11:37:06.041 AM5/2/2023, 12:33:06.156 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "d5a8159f651d16d46680955c9204e9621cf39812", "name": "privesc-sageMakerCreateProcessingJobPassRole-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc-sageMakerCreateProcessingJobPassRole-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/59b41d4266ab04283825274ca99d9494ea3dd73cAuthomize_v2_CL
67368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:16.707 AM9a6bc63c772cee21e97c9edb2e5a4c036816f9963/10/2023, 11:37:06.037 AM5/2/2023, 12:33:11.085 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "6749d2c34828e74fdb645c18ea0b9790ae95a439", "name": "role/privesc-sagemakercreateprocessingjobpassrole-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc-sagemakercreateprocessingjobpassrole-role:trustpolicy on AWS. Access was gained through privesc-sageMakerCreateProcessingJobPassRole-rolefalsehttps://msftriskyuser.authomize.com/incidents/9a6bc63c772cee21e97c9edb2e5a4c036816f996Authomize_v2_CL
68368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:16.707 AMb619e70cb700f80baf7f9774b6b05de32ed5259f3/10/2023, 11:37:06.032 AM5/2/2023, 12:33:11.085 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "d4a580da19afe5ad7f3d05d18608d5167f80fd06", "name": "fp4-nonExploitableResourceConstraint-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy fp4-nonExploitableResourceConstraint-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/b619e70cb700f80baf7f9774b6b05de32ed5259fAuthomize_v2_CL
69368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:16.707 AMbbed4c9af9a421c8890708bc2a5754767990c69b3/10/2023, 11:37:06.026 AM5/2/2023, 12:33:11.084 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "7141077ab0a802fc1a6be7cc9ff4c5e25c695d50", "name": "role/fp4-nonexploitableresourceconstraint-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/fp4-nonexploitableresourceconstraint-role:trustpolicy on AWS. Access was gained through fp4-nonExploitableResourceConstraint-rolefalsehttps://msftriskyuser.authomize.com/incidents/bbed4c9af9a421c8890708bc2a5754767990c69bAuthomize_v2_CL
70368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:16.707 AM58522587365d4c5422048b71dfdaed9dd37d7dee3/10/2023, 11:37:06.021 AM5/2/2023, 12:33:06.160 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "d1df8487ca576e66adfd4eac11349e4c82da50b7", "name": "privesc-sageMakerCreateTrainingJobPassRole-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc-sageMakerCreateTrainingJobPassRole-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/58522587365d4c5422048b71dfdaed9dd37d7deeAuthomize_v2_CL
71368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:16.707 AM29496c72532ee7a0869e00d15c58e43991a3be7c3/10/2023, 11:37:06.016 AM5/2/2023, 12:33:06.161 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "c3cbd2580c2954cdb439a4b746c6dfeb7cd32bb0", "name": "role/privesc-sagemakercreatetrainingjobpassrole-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc-sagemakercreatetrainingjobpassrole-role:trustpolicy on AWS. Access was gained through privesc-sageMakerCreateTrainingJobPassRole-rolefalsehttps://msftriskyuser.authomize.com/incidents/29496c72532ee7a0869e00d15c58e43991a3be7cAuthomize_v2_CL
72368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:19.447 AMf062ff5eb7a238b61da885a263d51e174c371dff3/10/2023, 11:37:06.011 AM5/2/2023, 12:33:06.156 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "cddf050be9319c136bbbc01f17763201b64cf91b", "name": "privesc-ssmStartSession-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc-ssmStartSession-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/f062ff5eb7a238b61da885a263d51e174c371dffAuthomize_v2_CL
73368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:19.447 AM0f834068bb0c1cb88ea248ed4a62ee6f393af7f83/10/2023, 11:37:06.006 AM5/2/2023, 12:33:06.155 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "7a3724a3ca9fc14fcd1a1838a234c390c4811991", "name": "role/privesc-ssmstartsession-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc-ssmstartsession-role:trustpolicy on AWS. Access was gained through privesc-ssmStartSession-rolefalsehttps://msftriskyuser.authomize.com/incidents/0f834068bb0c1cb88ea248ed4a62ee6f393af7f8Authomize_v2_CL
74368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:19.447 AM379fdf5a48ff4c6c22d5dc2e8dcd4e3368d913063/10/2023, 11:37:06.001 AM5/2/2023, 12:33:06.155 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "d7bb41efcf114d0c9011d9ed2c0cf6917c6c2256", "name": "role/privesc-sagemakercreatepresignednotebookurl-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc-sagemakercreatepresignednotebookurl-role:trustpolicy on AWS. Access was gained through privesc-sageMakerCreatePresignedNotebookURL-rolefalsehttps://msftriskyuser.authomize.com/incidents/379fdf5a48ff4c6c22d5dc2e8dcd4e3368d91306Authomize_v2_CL
75368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:19.447 AM85a405adbc59caf7de1d21077cda203bc7cae3a03/10/2023, 11:37:05.995 AM5/2/2023, 12:33:06.155 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "c4df1e86fe83bfc346cfb23fd21f5a2e1d2b7b23", "name": "privesc-sageMakerCreatePresignedNotebookURL-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc-sageMakerCreatePresignedNotebookURL-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/85a405adbc59caf7de1d21077cda203bc7cae3a0Authomize_v2_CL
76368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:19.447 AMfc9cd946f18aa7d01bf7cc70c3118951364ed7ef3/10/2023, 11:37:05.990 AM5/2/2023, 12:33:06.158 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "bf966f7b1b5c0e3169fbfb0f0e5bdd5200e03dfd", "name": "privesc16-PassRoleToNewLambdaThenTriggerWithNewDynamo-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc16-PassRoleToNewLambdaThenTriggerWithNewDynamo-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/fc9cd946f18aa7d01bf7cc70c3118951364ed7efAuthomize_v2_CL
77368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:19.447 AMa1a31542b163323f86366f5f9746389235421e293/10/2023, 11:37:05.986 AM5/2/2023, 12:33:06.157 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "4b64c9e25d7c3c70cc4fd63f11492082ce4f05ac", "name": "role/privesc16-passroletonewlambdathentriggerwithnewdynamo-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc16-passroletonewlambdathentriggerwithnewdynamo-role:trustpolicy on AWS. Access was gained through privesc16-PassRoleToNewLambdaThenTriggerWithNewDynamo-rolefalsehttps://msftriskyuser.authomize.com/incidents/a1a31542b163323f86366f5f9746389235421e29Authomize_v2_CL
78368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:19.447 AM9d4fb9843c0f4880e1e23532b8db724b35cdee1c3/10/2023, 11:37:05.981 AM5/2/2023, 12:33:11.085 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "b494fd2e5c32528f6f7868d28ce0bddb813efdc7", "name": "privesc1-CreateNewPolicyVersion-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc1-CreateNewPolicyVersion-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/9d4fb9843c0f4880e1e23532b8db724b35cdee1cAuthomize_v2_CL
79368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:19.447 AM70482343f0d4b0092610166c03cbc24b1ae57e703/10/2023, 11:37:05.962 AM5/2/2023, 12:33:06.159 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "942cfa15536f0d202fc4f9a53b1c2d3d93c800b4", "name": "role/privesc1-createnewpolicyversion-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc1-createnewpolicyversion-role:trustpolicy on AWS. Access was gained through privesc1-CreateNewPolicyVersion-rolefalsehttps://msftriskyuser.authomize.com/incidents/70482343f0d4b0092610166c03cbc24b1ae57e70Authomize_v2_CL
80368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:19.447 AMf94caed3ac9b51d90a94141da7add28139c1add43/10/2023, 11:37:05.956 AM5/2/2023, 12:33:11.086 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "b4153b031bdd8330d38d3abad9a3d5c443394a2a", "name": "privesc2-SetExistingDefaultPolicyVersion-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc2-SetExistingDefaultPolicyVersion-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/f94caed3ac9b51d90a94141da7add28139c1add4Authomize_v2_CL
81368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:19.447 AMbd61030613357183abe07143c9db1a76e93522193/10/2023, 11:37:05.951 AM5/2/2023, 12:33:06.159 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "0e56b2aefad3817948927b8f0237c4f05a159a5f", "name": "role/privesc2-setexistingdefaultpolicyversion-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc2-setexistingdefaultpolicyversion-role:trustpolicy on AWS. Access was gained through privesc2-SetExistingDefaultPolicyVersion-rolefalsehttps://msftriskyuser.authomize.com/incidents/bd61030613357183abe07143c9db1a76e9352219Authomize_v2_CL
82368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:20.925 AM0fc47795d82e5b50e680465390a793a1d7bcbe073/10/2023, 11:37:05.946 AM5/2/2023, 12:33:06.158 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "b269dc8baee39ca165438afc16edaf86fb90e918", "name": "privesc19-UpdateExistingGlueDevEndpoint-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc19-UpdateExistingGlueDevEndpoint-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/0fc47795d82e5b50e680465390a793a1d7bcbe07Authomize_v2_CL
83368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:20.925 AM68f6523f2f76a8e5b4f932512a567b7f21c8afd33/10/2023, 11:37:05.941 AM5/2/2023, 12:33:06.161 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "885a3825218441613f6ac495700378c2f60bee42", "name": "role/privesc19-updateexistinggluedevendpoint-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc19-updateexistinggluedevendpoint-role:trustpolicy on AWS. Access was gained through privesc19-UpdateExistingGlueDevEndpoint-rolefalsehttps://msftriskyuser.authomize.com/incidents/68f6523f2f76a8e5b4f932512a567b7f21c8afd3Authomize_v2_CL
84368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:20.925 AM0141e4fe10937f263e494a7b5db0d3b0dc9bbed73/10/2023, 11:37:05.937 AM5/2/2023, 12:33:06.159 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "ab6c48b7204fb3f965f2e352cbc085b7925e5b7c", "name": "privesc17-EditExistingLambdaFunctionWithRole-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc17-EditExistingLambdaFunctionWithRole-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/0141e4fe10937f263e494a7b5db0d3b0dc9bbed7Authomize_v2_CL
85368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:20.925 AMb47330fd60e106a221b8f7f649ce163e18d2e39f3/10/2023, 11:37:05.932 AM5/2/2023, 12:33:11.084 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "8af146306cca1c04f966a1dbbaca93d1217a76cc", "name": "role/privesc17-editexistinglambdafunctionwithrole-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc17-editexistinglambdafunctionwithrole-role:trustpolicy on AWS. Access was gained through privesc17-EditExistingLambdaFunctionWithRole-rolefalsehttps://msftriskyuser.authomize.com/incidents/b47330fd60e106a221b8f7f649ce163e18d2e39fAuthomize_v2_CL
86368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:20.925 AMe284457cc39a03b3bd0a385530df34df3e11c5483/10/2023, 11:37:05.926 AM5/2/2023, 12:33:11.086 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "a7611d98d4f3ad0d12fcd0f709c57b6a1351c2ef", "name": "privesc10-PutUserPolicy-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc10-PutUserPolicy-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/e284457cc39a03b3bd0a385530df34df3e11c548Authomize_v2_CL
87368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:20.925 AMc15dda8f724a707f3709b8fc7c60f8b6e530b07b3/10/2023, 11:37:05.921 AM5/2/2023, 12:33:11.083 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "5fe59a62623191d018e1c99085d8f136b1eaa050", "name": "role/privesc10-putuserpolicy-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc10-putuserpolicy-role:trustpolicy on AWS. Access was gained through privesc10-PutUserPolicy-rolefalsehttps://msftriskyuser.authomize.com/incidents/c15dda8f724a707f3709b8fc7c60f8b6e530b07bAuthomize_v2_CL
88368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:20.925 AM42ca4fe3783fa478bc95b1544b68eb22027ed0053/10/2023, 11:37:05.916 AM5/2/2023, 12:33:06.157 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "9fc1d76c057711407ea3862c897a89a8b93feea3", "name": "create-access-keys-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy create-access-keys-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/42ca4fe3783fa478bc95b1544b68eb22027ed005Authomize_v2_CL
89368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:20.925 AM2629436ed5ce4dcd26573bc6bb13f8c434e497013/10/2023, 11:37:05.911 AM5/2/2023, 12:33:06.156 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "602e3dc786dc0ef5d06759af7e495b283fef8809", "name": "role/create-access-keys-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/create-access-keys-role:trustpolicy on AWS. Access was gained through create-access-keys-rolefalsehttps://msftriskyuser.authomize.com/incidents/2629436ed5ce4dcd26573bc6bb13f8c434e49701Authomize_v2_CL
90368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:20.925 AM93658d401fed5aa8b7e043af6a163628867b83ae3/10/2023, 11:37:05.906 AM5/2/2023, 12:33:06.156 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "940fefa56a0e62ab8ab8add131d055b520853419", "name": "privesc9-AttachRolePolicy-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc9-AttachRolePolicy-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/93658d401fed5aa8b7e043af6a163628867b83aeAuthomize_v2_CL
91368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:20.925 AMe61d255543946f41dfe55817d0ec8835ca7eb2843/10/2023, 11:37:05.901 AM5/2/2023, 12:33:06.159 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "3e8b4570904f217a591f6aa6c99d652377e64f94", "name": "role/privesc9-attachrolepolicy-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc9-attachrolepolicy-role:trustpolicy on AWS. Access was gained through privesc9-AttachRolePolicy-rolefalsehttps://msftriskyuser.authomize.com/incidents/e61d255543946f41dfe55817d0ec8835ca7eb284Authomize_v2_CL
92368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:22.183 AMf012fc16260f03491a6889a1581f4298cd358ab93/10/2023, 11:37:05.896 AM5/2/2023, 12:33:06.160 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "f1828320bc23e58be6ad1cf35e296690df6eb6e8", "name": "role/fp5-nonexploitableconditionconstraint-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/fp5-nonexploitableconditionconstraint-role:trustpolicy on AWS. Access was gained through fp5-nonExploitableConditionConstraint-rolefalsehttps://msftriskyuser.authomize.com/incidents/f012fc16260f03491a6889a1581f4298cd358ab9Authomize_v2_CL
93368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:22.183 AM2b6cb2229d396d41bc61558cbcdc6a569d47d6bc3/10/2023, 11:37:05.890 AM5/2/2023, 12:33:06.160 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "9229c4accf51a21823ae293ef77f306a8abcc3ff", "name": "fp5-nonExploitableConditionConstraint-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy fp5-nonExploitableConditionConstraint-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/2b6cb2229d396d41bc61558cbcdc6a569d47d6bcAuthomize_v2_CL
94368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:22.183 AMa354e6ab06fa2c20c1cd67f61683575d51dbd3ed3/10/2023, 11:37:05.885 AM5/2/2023, 12:33:11.084 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "88d2e219e689f6585e2251b8da785d10ff0f8fdc", "name": "privesc-CloudFormationUpdateStack-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc-CloudFormationUpdateStack-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/a354e6ab06fa2c20c1cd67f61683575d51dbd3edAuthomize_v2_CL
95368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:22.183 AM3c359bbd23e8c3db0ffb0493c4869d50a51c44ff3/10/2023, 11:37:05.880 AM5/2/2023, 12:33:06.158 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "6fa8dff1bc10d6522b60c23e623167d49768dda5", "name": "role/privesc-cloudformationupdatestack-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc-cloudformationupdatestack-role:trustpolicy on AWS. Access was gained through privesc-CloudFormationUpdateStack-rolefalsehttps://msftriskyuser.authomize.com/incidents/3c359bbd23e8c3db0ffb0493c4869d50a51c44ffAuthomize_v2_CL
96368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:22.183 AMaf881e76a84c5b949f76cd866ebabdd771862f5a3/10/2023, 11:37:05.876 AM5/2/2023, 12:33:11.084 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "ab4353a13e64f6eb5789a253d8db3934261c087f", "name": "role/privesc-assumerole-starting-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc-assumerole-starting-role:trustpolicy on AWS. Access was gained through privesc-AssumeRole-starting-rolefalsehttps://msftriskyuser.authomize.com/incidents/af881e76a84c5b949f76cd866ebabdd771862f5aAuthomize_v2_CL
97368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:22.183 AM50cb08d391447c92bcff12627a23df3ce832c06f3/10/2023, 11:37:05.871 AM5/2/2023, 12:33:06.157 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "87b44b3f24fba7b2e8197dd53b851401ccbebceb", "name": "privesc-AssumeRole-starting-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc-AssumeRole-starting-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/50cb08d391447c92bcff12627a23df3ce832c06fAuthomize_v2_CL
98368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:22.183 AMc39eb4d79767e2f7a25a28919e533005961c76d13/10/2023, 11:37:05.866 AM5/2/2023, 12:33:06.160 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "fff633e9f66b872e5be89c43e5cf7ffc2302d89e", "name": "role/fn4-exploitablenotaction-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/fn4-exploitablenotaction-role:trustpolicy on AWS. Access was gained through fn4-exploitableNotAction-rolefalsehttps://msftriskyuser.authomize.com/incidents/c39eb4d79767e2f7a25a28919e533005961c76d1Authomize_v2_CL
99368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:22.183 AM6d3f748c564a6168260706784475de3b24b884f03/10/2023, 11:37:05.856 AM5/2/2023, 12:33:06.161 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "853de653f97253e4f420001af753612ff29c262d", "name": "fn4-exploitableNotAction-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy fn4-exploitableNotAction-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/6d3f748c564a6168260706784475de3b24b884f0Authomize_v2_CL
100368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:22.183 AMdbb98f19daf8c94b9523941d245a63c4284c86643/10/2023, 11:37:05.851 AM5/2/2023, 12:33:11.084 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "801f5f170cf9a26856903a01df19cbbbbd5d942b", "name": "fn2-exploitableResourceConstraint-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy fn2-exploitableResourceConstraint-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/dbb98f19daf8c94b9523941d245a63c4284c8664Authomize_v2_CL
101368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:22.183 AMa3ef0ab63ba1a9cc4f3389c61c2644d70d29145f3/10/2023, 11:37:05.845 AM5/2/2023, 12:33:06.161 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "30e36dc0af494bd8df7a9d6bbc7497748644dcf2", "name": "role/fn2-exploitableresourceconstraint-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/fn2-exploitableresourceconstraint-role:trustpolicy on AWS. Access was gained through fn2-exploitableResourceConstraint-rolefalsehttps://msftriskyuser.authomize.com/incidents/a3ef0ab63ba1a9cc4f3389c61c2644d70d29145fAuthomize_v2_CL
102368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:23.322 AMc89b23b4fba5ecf5964d053210890321ba2bedef3/10/2023, 11:37:05.840 AM5/2/2023, 12:33:11.086 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "d5150dd049c95f34d89d7095f19cacaa547ca7a1", "name": "role/privesc3-createec2withexistinginstanceprofile-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc3-createec2withexistinginstanceprofile-role:trustpolicy on AWS. Access was gained through privesc3-CreateEC2WithExistingInstanceProfile-rolefalsehttps://msftriskyuser.authomize.com/incidents/c89b23b4fba5ecf5964d053210890321ba2bedefAuthomize_v2_CL
103368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:23.322 AM961b721fc94ba45a14bd1b56738b4884d74ce1693/10/2023, 11:37:05.835 AM5/2/2023, 12:33:06.157 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "75a27b50975d7a1a5dca723ddc36a96e1aaa8509", "name": "privesc3-CreateEC2WithExistingInstanceProfile-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc3-CreateEC2WithExistingInstanceProfile-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/961b721fc94ba45a14bd1b56738b4884d74ce169Authomize_v2_CL
104368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:23.322 AM689e3b8955344058530259ad09c05645ab7708e33/10/2023, 11:37:05.830 AM5/2/2023, 12:33:06.156 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "e64d734a0506dd2ef9c44e30eed19bcec2a75159", "name": "role/attach-role-to-user-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/attach-role-to-user-role:trustpolicy on AWS. Access was gained through role/attach-role-to-user-rolefalsehttps://msftriskyuser.authomize.com/incidents/689e3b8955344058530259ad09c05645ab7708e3Authomize_v2_CL
105368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:23.322 AMdb7749c89171a7d1342e040d36ccc6731399a8a13/10/2023, 11:37:05.825 AM5/2/2023, 12:33:11.084 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "c96763fe022295abbad74de37214777fcc4feeb9", "name": "role/attach-role-to-user-role:allows_assume_okta_ec2", "object": "asset", "originId": null, "originType": "InlinePolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/attach-role-to-user-role:allows_assume_okta_ec2 on AWS. Access was gained through role/attach-role-to-user-rolefalsehttps://msftriskyuser.authomize.com/incidents/db7749c89171a7d1342e040d36ccc6731399a8a1Authomize_v2_CL
106368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:23.322 AM713e159968e7356a0c790eef44cb123fa26e4f5a3/10/2023, 11:37:05.820 AM5/2/2023, 12:33:06.159 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "73828764631bdaf0e42bfb70c34280930b2ab3bd", "name": "role/attach-role-to-user-role", "object": "asset", "originId": null, "originType": "ARNResourceReference" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy role/attach-role-to-user-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/713e159968e7356a0c790eef44cb123fa26e4f5aAuthomize_v2_CL
107368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:23.322 AMde6fbad03eaf9b016278add8890eff637e138ee53/10/2023, 11:37:05.815 AM5/2/2023, 12:33:06.159 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "9258cb9fc9f3269e4c9ae36d8baf25e4633a6c7e", "name": "role/privesc13-addusertogroup-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc13-addusertogroup-role:trustpolicy on AWS. Access was gained through privesc13-AddUserToGroup-rolefalsehttps://msftriskyuser.authomize.com/incidents/de6fbad03eaf9b016278add8890eff637e138ee5Authomize_v2_CL
108368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:23.322 AM166608450558c319ac4a3a7bad0e5ca05169b0403/10/2023, 11:37:05.809 AM5/2/2023, 12:33:11.084 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "71fa0143ff61aecc431735e3b651dc7a369b39e3", "name": "privesc13-AddUserToGroup-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc13-AddUserToGroup-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/166608450558c319ac4a3a7bad0e5ca05169b040Authomize_v2_CL
109368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:23.322 AM45b3351bab9b6c700cff467d97ffd89e76039ae63/10/2023, 11:37:05.803 AM5/2/2023, 12:33:06.161 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "69cf4fc1de7f83e1824e319a4cd812216cefab02", "name": "role/privesc11-putgrouppolicy-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc11-putgrouppolicy-role:trustpolicy on AWS. Access was gained through privesc11-PutGroupPolicy-rolefalsehttps://msftriskyuser.authomize.com/incidents/45b3351bab9b6c700cff467d97ffd89e76039ae6Authomize_v2_CL
110368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:23.322 AM8c4fb6211f4e9ce47fff7329b4b8ec9c8cff76ca3/10/2023, 11:37:05.797 AM5/2/2023, 12:33:11.085 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "6873537cf8bccdb37e5c33c3f33f69237c92583a", "name": "privesc11-PutGroupPolicy-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc11-PutGroupPolicy-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/8c4fb6211f4e9ce47fff7329b4b8ec9c8cff76caAuthomize_v2_CL
111368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:23.322 AM764f934c7b041f65ba2fc8c6f7a66d78388f04ba3/10/2023, 11:37:05.791 AM5/2/2023, 12:33:06.158 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "e38d881dfd2def4435ce29500b8d1e85cc80003c", "name": "role/run-ec2-instances-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/run-ec2-instances-role:trustpolicy on AWS. Access was gained through run-ec2-instances-rolefalsehttps://msftriskyuser.authomize.com/incidents/764f934c7b041f65ba2fc8c6f7a66d78388f04baAuthomize_v2_CL
112368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:24.992 AM157b4900389bb1a499748e4d5ff5f173b5fcd40c3/10/2023, 11:37:05.785 AM5/2/2023, 12:33:11.086 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "63dfa33250dc4f9ce7aa220d45e6c7e62fa71770", "name": "run-ec2-instances-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy run-ec2-instances-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/157b4900389bb1a499748e4d5ff5f173b5fcd40cAuthomize_v2_CL
113368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:24.992 AM625b5c4f42f637e7ec25d1e9e7c852c763cd8fa93/10/2023, 11:37:05.779 AM5/2/2023, 12:33:11.085 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "633007f97eccb6d8b59a0b87766441abe060e9d6", "name": "privesc18-PassExistingRoleToNewGlueDevEndpoint-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc18-PassExistingRoleToNewGlueDevEndpoint-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/625b5c4f42f637e7ec25d1e9e7c852c763cd8fa9Authomize_v2_CL
114368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:24.992 AM1605591b6b91399c61d8f34ed0d73b2e2c87771b3/10/2023, 11:37:05.773 AM5/2/2023, 12:33:06.160 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "41e53ce9ccc996b7650123d59577072cff7424e6", "name": "role/privesc18-passexistingroletonewgluedevendpoint-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc18-passexistingroletonewgluedevendpoint-role:trustpolicy on AWS. Access was gained through privesc18-PassExistingRoleToNewGlueDevEndpoint-rolefalsehttps://msftriskyuser.authomize.com/incidents/1605591b6b91399c61d8f34ed0d73b2e2c87771bAuthomize_v2_CL
115368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:24.992 AM54c556a40acd5e81a9a9023d728a81592c91a9ac3/10/2023, 11:37:05.767 AM5/2/2023, 12:33:06.158 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "66809f0a2e2145c88ae420ec9af2f8b19aae4e64", "name": "role/privesc-codebuildcreateprojectpassrole-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc-codebuildcreateprojectpassrole-role:trustpolicy on AWS. Access was gained through privesc-codeBuildCreateProjectPassRole-rolefalsehttps://msftriskyuser.authomize.com/incidents/54c556a40acd5e81a9a9023d728a81592c91a9acAuthomize_v2_CL
116368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:24.992 AMab40ab1386b79dad2110bdcdb3412bba440631a63/10/2023, 11:37:05.761 AM5/2/2023, 12:33:06.160 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "51b5a3ccd5e64d1fd471f6d89c50a0d59035211e", "name": "privesc-codeBuildCreateProjectPassRole-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc-codeBuildCreateProjectPassRole-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/ab40ab1386b79dad2110bdcdb3412bba440631a6Authomize_v2_CL
117368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:24.992 AMf8b028af36b906fcbb43ad5850f6a7e44b554e0c3/10/2023, 11:37:05.755 AM5/2/2023, 12:33:06.161 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "8628c26bf1421e011adfb06ddea2d3322f0e58c1", "name": "role/privesc21-passexistingroletonewdatapipeline-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/privesc21-passexistingroletonewdatapipeline-role:trustpolicy on AWS. Access was gained through privesc21-PassExistingRoleToNewDataPipeline-rolefalsehttps://msftriskyuser.authomize.com/incidents/f8b028af36b906fcbb43ad5850f6a7e44b554e0cAuthomize_v2_CL
118368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:24.992 AM8e4078bc29bfb399c5051d6d275b0958efdafad13/10/2023, 11:37:05.748 AM5/2/2023, 12:33:06.155 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "4b51b92b8369d39cdd0964f383d2e195b4b15c1f", "name": "privesc21-PassExistingRoleToNewDataPipeline-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy privesc21-PassExistingRoleToNewDataPipeline-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/8e4078bc29bfb399c5051d6d275b0958efdafad1Authomize_v2_CL
119368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:24.992 AM0ba734b57bbc1fb37581607f3636a499c22e4e403/10/2023, 11:37:05.742 AM5/2/2023, 12:33:06.158 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "95927e4f979bbf2fdbf9069547a687215339bc6e", "name": "role/allow-attaching-group-policy-role:trustpolicy", "object": "asset", "originId": null, "originType": "TrustPolicy" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Policy role/allow-attaching-group-policy-role:trustpolicy on AWS. Access was gained through allow-attaching-group-policy-rolefalsehttps://msftriskyuser.authomize.com/incidents/0ba734b57bbc1fb37581607f3636a499c22e4e40Authomize_v2_CL
120368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:24.992 AM8c1515f5cfdabe672d3e5c79859e31a691bd17cb3/10/2023, 11:37:05.736 AM5/2/2023, 12:33:06.158 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "3d891e577b103cdda7480a5c353e98146af05a68", "name": "allow-attaching-group-policy-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy allow-attaching-group-policy-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/8c1515f5cfdabe672d3e5c79859e31a691bd17cbAuthomize_v2_CL
121368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:24.992 AM8f9a010c7c855c277825005e7e22d992fea3d2cc3/10/2023, 11:37:05.730 AM5/2/2023, 12:33:06.157 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null }, { "id": "16ef563d039853490c23b871dadd27ca3c05eff1", "name": "allow-ec2-connection-role", "object": "asset", "originId": null, "originType": "IAMRole" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Exposure[][ { "values": [ "IAM-01", "IAM-03", "IAM-05", "DSP-01", "DSP-07", "DSP-08" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.1", "A.9.4.1", "A.13.2.1", "A.8.3.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.7" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-02", "DSI-04" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenMedium7470534309174705343091New direct access policy was granted against organizational policy74701856303Keep access to sensitive resources using least privilege principlecli user gained access to Resource_EntitlementProxy allow-ec2-connection-role on AWS.falsehttps://msftriskyuser.authomize.com/incidents/8f9a010c7c855c277825005e7e22d992fea3d2ccAuthomize_v2_CL
122368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:27.863 AM0406647c740f9a32d5011174023a26c58cca4d6d3/9/2023, 11:37:10.027 PM5/2/2023, 12:37:26.310 AM[ { "id": "9a5615f8555b373e68c4f600904d87b66f143b4a", "name": "74aed80d85fccde22d4af34ff872f8d1", "object": "identity", "email": null }, { "id": "3ec2b2ee3da9189992cedccf1ca13baf9023d55c", "name": "74aed80d85fccde22d4af34ff872f8d1", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group 74aed80d85fccde22d4af34ff872f8d1 has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/0406647c740f9a32d5011174023a26c58cca4d6dAuthomize_v2_CL
123368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:27.863 AMdc3a1ac14b8bc713c90038fe5bc15ee3074e48bf3/9/2023, 11:37:10.023 PM5/2/2023, 12:37:26.307 AM[ { "id": "59c8849bfeb3b6de260f2dc2057c6ae2a879e0ea", "name": "aad", "object": "identity", "email": null }, { "id": "8808bef5dfccc8d1dab062f5973c240ac4797074", "name": "aad", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group aad has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/dc3a1ac14b8bc713c90038fe5bc15ee3074e48bfAuthomize_v2_CL
124368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:27.863 AMe844d0af6b1401b248b8afe937d187ae1e1adfad3/9/2023, 11:37:10.018 PM5/2/2023, 12:37:26.311 AM[ { "id": "2b25c71d57c88af66ed054ff0b7692d38adc3c29", "name": "ping", "object": "identity", "email": null }, { "id": "a19591fcb668522d1e9fd5204a6101ea00f8a652", "name": "ping", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group ping has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/e844d0af6b1401b248b8afe937d187ae1e1adfadAuthomize_v2_CL
125368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:27.863 AM7c304bdee9517f72433859897bf5e01e628483fd3/9/2023, 11:37:10.013 PM5/2/2023, 12:37:26.309 AM[ { "id": "f870fbe62136eb523d5a59d6e179e90ae4547f70", "name": "awssso_cdfbc25a58c2a6fc_do_not_delete", "object": "identity", "email": null }, { "id": "5b6079b142b9e85b77f945abfdbaac1081779a2c", "name": "awssso_cdfbc25a58c2a6fc_do_not_delete", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group awssso_cdfbc25a58c2a6fc_do_not_delete has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/7c304bdee9517f72433859897bf5e01e628483fdAuthomize_v2_CL
126368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:27.863 AM2fe3d024ddfc93d86b105141d4bc4c1fefdc6bca3/9/2023, 11:37:10.008 PM5/2/2023, 12:37:26.307 AM[ { "id": "b005eb28050246738798d00a233bf49c9cbdc09b", "name": "aad", "object": "identity", "email": null }, { "id": "90a5df00a47f4b267c6f8143f7ef2b8e21c60bd6", "name": "aad", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group aad has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/2fe3d024ddfc93d86b105141d4bc4c1fefdc6bcaAuthomize_v2_CL
127368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:27.863 AMb221c36015f21d4d200615109ca2d3b20a58c0a33/9/2023, 11:37:10.003 PM5/2/2023, 12:37:26.311 AM[ { "id": "25e0277a33b6b36e04bd448c5eb857a34eeb6036", "name": "okta", "object": "identity", "email": null }, { "id": "ed46db938148de8acddbeb17eaa539bfd4c3d2a5", "name": "okta", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group okta has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/b221c36015f21d4d200615109ca2d3b20a58c0a3Authomize_v2_CL
128368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:27.863 AM87e30d59f2090db9daf268a119981d778e833e583/9/2023, 8:37:33.843 PM5/2/2023, 12:37:26.309 AM[ { "id": "7984be6be6de0d035d6c0f667ee807f8de4780c6", "name": "awssso_8abf30e4d8fe68a1_do_not_delete", "object": "identity", "email": null }, { "id": "3363ffd9d6115c17d4432999d6bf663fa8e9e938", "name": "awssso_8abf30e4d8fe68a1_do_not_delete", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group awssso_8abf30e4d8fe68a1_do_not_delete has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/87e30d59f2090db9daf268a119981d778e833e58Authomize_v2_CL
129368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:27.863 AM1b1d87cf22421895050fc0d5a134ff6e964d1d9e3/9/2023, 8:37:33.831 PM5/2/2023, 12:37:26.307 AM[ { "id": "8eb7fde8df0b16cd329646a21e83bfc3d85a5f35", "name": "aad", "object": "identity", "email": null }, { "id": "0e1b318409a2ec8f14dafe0e2e8c2eb68806f892", "name": "aad", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group aad has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/1b1d87cf22421895050fc0d5a134ff6e964d1d9eAuthomize_v2_CL
130368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:27.863 AM589a9736de69e3dcfe612a50f85a338e3877262f3/9/2023, 8:37:33.819 PM5/2/2023, 12:37:26.308 AM[ { "id": "41f13648dcad200b64b5ab8f8b7bc0632c7cd2dd", "name": "PelegGroup", "object": "identity", "email": null }, { "id": "fcb342027e211c7eaea85bcda8055f5d25178b8b", "name": "PelegGroup", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group PelegGroup has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/589a9736de69e3dcfe612a50f85a338e3877262fAuthomize_v2_CL
131368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:27.863 AM4effb552e8d24929f868fd4518a32a0e80249a553/9/2023, 8:37:33.792 PM5/2/2023, 12:37:26.308 AM[ { "id": "77f15a7387c0977e7b4f623285954c9f2a336e45", "name": "S3-access-group", "object": "identity", "email": null }, { "id": "1da3703abe10ecb5450a93b6de2adf8b91724a6e", "name": "S3-access-group", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group S3-access-group has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/4effb552e8d24929f868fd4518a32a0e80249a55Authomize_v2_CL
132368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:29.219 AM529a981ac93404c349995ce2bea5c0e7444242273/9/2023, 8:37:33.783 PM5/2/2023, 12:37:26.308 AM[ { "id": "72a047470c3119eb49817ae92625df2f1c33e20d", "name": "API-Gateway-Admin", "object": "identity", "email": null }, { "id": "18a78d366d469104253a818daa0ee87eb4671a90", "name": "API-Gateway-Admin", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group API-Gateway-Admin has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/529a981ac93404c349995ce2bea5c0e744424227Authomize_v2_CL
133368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:29.219 AM4461a118f15035fa7d39ed9c20b8b56ec283841e3/9/2023, 8:37:33.771 PM5/2/2023, 12:37:26.309 AM[ { "id": "87d46203475a238adf9a16266785bf08a22cc119", "name": "Kubernetes", "object": "identity", "email": null }, { "id": "1bba9ba2a90ba24940f43b5b00de4470f5d7d3ae", "name": "Kubernetes", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group Kubernetes has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/4461a118f15035fa7d39ed9c20b8b56ec283841eAuthomize_v2_CL
134368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:29.219 AM10f45b53c964cf7948c1f180237a77f87f39d7373/9/2023, 8:37:33.755 PM5/2/2023, 12:37:26.310 AM[ { "id": "0e50d37e5d3e9deda92d3888fa25f436bf807cd4", "name": "MiguelGroup", "object": "identity", "email": null }, { "id": "3345111b97cac86ad7252655bbc2421159a0ff80", "name": "MiguelGroup", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group MiguelGroup has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/10f45b53c964cf7948c1f180237a77f87f39d737Authomize_v2_CL
135368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:29.219 AM01df956f2e2d38f722ac4ef6ba5e6e7145b8d2a93/9/2023, 8:37:33.743 PM5/2/2023, 12:37:26.310 AM[ { "id": "b7c920b90dab66c7c388120ee0be69e876813631", "name": "aa", "object": "identity", "email": null }, { "id": "3deb73cdd33933de3fa787665d2d9cccc583b517", "name": "aa", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group aa has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/01df956f2e2d38f722ac4ef6ba5e6e7145b8d2a9Authomize_v2_CL
136368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:29.219 AMd7782412e5e85bb6ed69cc04e0274d5e33557e583/9/2023, 8:37:33.735 PM5/2/2023, 12:37:26.308 AM[ { "id": "b9ff66d657cf3ba2b84158d4e4a51da0a18f41fb", "name": "Administrators", "object": "identity", "email": null }, { "id": "d72d8d4f29c01dd06629f3bcd1884568fc458a0e", "name": "Administrators", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group Administrators has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/d7782412e5e85bb6ed69cc04e0274d5e33557e58Authomize_v2_CL
137368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:29.219 AMca796ace81cf6e98a92dc2ab9d893fb8dc609c413/9/2023, 8:37:33.705 PM5/2/2023, 12:37:26.310 AM[ { "id": "b96acf540fd0e5edddc04f123062af708dd9e237", "name": "AWS_lambda_full_access", "object": "identity", "email": null }, { "id": "486a5a6c52589129ba05b56168bae8cbe522e0f3", "name": "AWS_lambda_full_access", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Change Management[ "Defense Evasion", "Lateral Movement", "Persistence", "Privilege Escalation" ][ { "values": [ "6.2", "5.3" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "CC6.2", "CC6.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" } ][ "Account Manipulation", "Valid Accounts" ]OpenMedium7470534391974705343919Empty group with entitlements74701857016It is advisable to remove this group.The group AWS_lambda_full_access has no members but is entitled to one or more assets.falsehttps://msftriskyuser.authomize.com/incidents/ca796ace81cf6e98a92dc2ab9d893fb8dc609c41Authomize_v2_CL
138368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:29.219 AMe025d3f5ff4eef4ff3457b79b3e0f11c917ebd533/7/2023, 11:39:44.598 PM5/2/2023, 12:41:36.809 AM[ { "id": "319d63d56065543badcc8a611ec8c435caa373b0", "name": "Okta__ec2_lambda_s3_full", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319905091723199050AWS role with shadow admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Shadow Admin Identity role Okta__ec2_lambda_s3_full was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/e025d3f5ff4eef4ff3457b79b3e0f11c917ebd53Authomize_v2_CL
139368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:29.219 AM7e5af697a824cdda2aad6c282b701c44b7fcdbc33/7/2023, 11:39:44.592 PM5/2/2023, 12:41:36.809 AM[ { "id": "db72c19c40a4c44a25d56824e4490b2e40a71f7d", "name": "empty_role_allow_assume", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319905091723199050AWS role with shadow admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Shadow Admin Identity role empty_role_allow_assume was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/7e5af697a824cdda2aad6c282b701c44b7fcdbc3Authomize_v2_CL
140368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:29.219 AMdd580bf77bb516aa04f80ae8a5d42bdcb05d6d893/7/2023, 11:39:44.585 PM5/2/2023, 12:41:36.810 AM[ { "id": "3e7da1d00f61d0c5a5afb707e267082d8137a2b8", "name": "attach-role-to-user-role", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319905091723199050AWS role with shadow admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Shadow Admin Identity role attach-role-to-user-role was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/dd580bf77bb516aa04f80ae8a5d42bdcb05d6d89Authomize_v2_CL
141368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:29.219 AMc7de1501c76d2830719fdb60ce88672a386eb4493/7/2023, 11:39:44.578 PM5/2/2023, 12:41:36.810 AM[ { "id": "f7a97b83c333f46af3b8b0ae91edc1de7ec96f7e", "name": "privesc1-CreateNewPolicyVersion-role", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319905091723199050AWS role with shadow admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Shadow Admin Identity role privesc1-CreateNewPolicyVersion-role was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/c7de1501c76d2830719fdb60ce88672a386eb449Authomize_v2_CL
142368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:30.480 AM86e636842daa2eb7e75f8b5a0ed5ce781c638cfc3/7/2023, 11:39:44.570 PM5/2/2023, 12:41:36.809 AM[ { "id": "5c6c09e4e4d31639d6371c52a27cde555b1d9f86", "name": "ping_idp_role", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319905091723199050AWS role with shadow admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Shadow Admin Identity role ping_idp_role was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/86e636842daa2eb7e75f8b5a0ed5ce781c638cfcAuthomize_v2_CL
143368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:30.480 AMa632484c12bd1e928cc78aab9786c1189ea186a53/7/2023, 11:39:44.562 PM5/2/2023, 12:41:36.810 AM[ { "id": "d507eaddc1b75bdc9a8767a2df19c20a88481fcc", "name": "ec2_lambda_access", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319905091723199050AWS role with shadow admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Shadow Admin Identity role ec2_lambda_access was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/a632484c12bd1e928cc78aab9786c1189ea186a5Authomize_v2_CL
144368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:30.480 AM94321327291656879821fa4682c62169047e32653/7/2023, 11:39:44.555 PM5/2/2023, 12:41:36.810 AM[ { "id": "7a43f5c11380d1dd190b7458993e7bf01450ed55", "name": "ec2_lambda_s3_full", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319905091723199050AWS role with shadow admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Shadow Admin Identity role ec2_lambda_s3_full was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/94321327291656879821fa4682c62169047e3265Authomize_v2_CL
145368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:30.480 AMd9f756b15717c0f721b3d6bc4a769dab9dbf3a283/7/2023, 11:39:40.905 PM5/2/2023, 12:41:51.337 AM[ { "id": "7ab18be02ddd9457aae27ae70625a078242de94e", "name": "privesc-AssumeRole-ending-role", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role privesc-AssumeRole-ending-role was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/d9f756b15717c0f721b3d6bc4a769dab9dbf3a28Authomize_v2_CL
146368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:30.480 AM5c10577815b0691960e98f9d15a35e2fa33f91a53/7/2023, 11:39:40.899 PM5/2/2023, 12:41:51.338 AM[ { "id": "a80fdf41855aaa5aaf374a5c816f3fc33357a600", "name": "AWSControlTowerExecution", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role AWSControlTowerExecution was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/5c10577815b0691960e98f9d15a35e2fa33f91a5Authomize_v2_CL
147368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:30.480 AM77eb5c78844d2c36acf101a77f88e45c3a68fc733/7/2023, 11:39:40.892 PM5/2/2023, 12:41:51.338 AM[ { "id": "7f018469507d78e633a502dd29993b1787d6ad5a", "name": "AuthomizeAdministrator", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role AuthomizeAdministrator was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/77eb5c78844d2c36acf101a77f88e45c3a68fc73Authomize_v2_CL
148368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:30.480 AM04d7db2d9cf2a47f9a078d755255b0f3b5aed3e13/7/2023, 11:39:40.871 PM5/2/2023, 12:41:51.338 AM[ { "id": "aab32332006d7360590a4dfab80ca51894311471", "name": "site-reliability-engineering-role", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role site-reliability-engineering-role was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/04d7db2d9cf2a47f9a078d755255b0f3b5aed3e1Authomize_v2_CL
149368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:30.480 AMa25c70b587a9f7429c6610113bfc94cecad8d25e3/7/2023, 11:39:40.865 PM5/2/2023, 12:41:51.337 AM[ { "id": "b8e0bbe3f7f97a34821108a6b1d2f2cba6ad5607", "name": "OrganizationAccountAccessRole", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role OrganizationAccountAccessRole was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/a25c70b587a9f7429c6610113bfc94cecad8d25eAuthomize_v2_CL
150368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:30.480 AMb9320f38ec60b4231453ce4408c8d89859454cbd3/7/2023, 11:39:40.859 PM5/2/2023, 12:41:51.339 AM[ { "id": "419a36f4a31c6e3a28f7ff4c83ffe4e64ec82145", "name": "privesc-high-priv-service-role", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role privesc-high-priv-service-role was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/b9320f38ec60b4231453ce4408c8d89859454cbdAuthomize_v2_CL
151368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:30.480 AM04467cb53d96c954ec8f6e657f96841683b0086e3/7/2023, 11:39:40.852 PM5/2/2023, 12:41:51.337 AM[ { "id": "b87a3769c0646fbf60607c77a0c8ebf7afe204e2", "name": "manage_iam", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[ "Initial Access", "Privilege Escalation" ][ { "values": [ "IAM-10" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" } ][]OpenHigh9172319847991723198479AWS role with admin privileges88391696752Validate any new role creation and make sure it's part of the business cycle. If needed access the AWS console and remove the role.AWS Admin Identity role manage_iam was created in AWS.falsehttps://msftriskyuser.authomize.com/incidents/04467cb53d96c954ec8f6e657f96841683b0086eAuthomize_v2_CL
152368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:33.513 AM5e567952bc02c72b464d71803aaedfc3eb32eda73/6/2023, 11:40:39.642 PM5/2/2023, 12:41:21.559 AM[ { "id": "7d29c7098089bb98af2c51a3e21f1ed7ac4ef1be", "name": "AmazonSSMManagedInstanceCore", "object": "asset", "originId": null, "originType": "PolicyResource" }, { "id": "419a36f4a31c6e3a28f7ff4c83ffe4e64ec82145", "name": "privesc-high-priv-service-role", "object": "identity", "email": null }, { "id": "d82020eb55aec9894fa6ca08435c95833972182c", "name": "privesc-high-priv-service-role", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319673191723196731Stale IAAS policy attachment to role88391681312Unused policies should be detached from privesc-high-priv-service-roleprivesc-high-priv-service-role hasn't used the Policy AmazonSSMManagedInstanceCore during the past 30 days.falsehttps://msftriskyuser.authomize.com/incidents/5e567952bc02c72b464d71803aaedfc3eb32eda7Authomize_v2_CL
153368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:33.513 AMdc410b38351fc34763632a0f06bc8c71b61a681b3/6/2023, 11:40:34.602 PM5/2/2023, 12:41:20.129 AM[ { "id": "289913f8294a9a91eea3c09925c324e2634c6e04", "name": "privesc1-CreateNewPolicyVersion", "object": "asset", "originId": null, "originType": "PolicyResource" }, { "id": "bf2be9d8713021d095f0f043f73a9234ca5ed1cc", "name": "manage-policies", "object": "identity", "email": null }, { "id": "e6e32bbaf67cca161b0a1e605f9bed3abad4de5c", "name": "manage-policies", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319598391723195983Stale AWS policy attachment to identity88391681312Unused policies should be detached from manage-policiesmanage-policies hasn't used the Policy privesc1-CreateNewPolicyVersion during the past 30 days.falsehttps://msftriskyuser.authomize.com/incidents/dc410b38351fc34763632a0f06bc8c71b61a681bAuthomize_v2_CL
154368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:33.513 AMa50a03fe9a94c5b09d00360eee9bca9ab6e9ce653/6/2023, 11:40:34.595 PM5/2/2023, 12:41:20.128 AM[ { "id": "17e6cc88313de9b78e9c9294f61fef08f9e4500f", "name": "IAMlistRolesAccounts", "object": "asset", "originId": null, "originType": "PolicyResource" }, { "id": "725737663b035a749c31dd80746bf014d1847f00", "name": "OktaSSOuser", "object": "identity", "email": null }, { "id": "0d3e83d83fccaa6ffd8546123f0865497b73cccf", "name": "OktaSSOuser", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319598391723195983Stale AWS policy attachment to identity88391681312Unused policies should be detached from OktaSSOuserOktaSSOuser hasn't used the Policy IAMlistRolesAccounts during the past 30 days.falsehttps://msftriskyuser.authomize.com/incidents/a50a03fe9a94c5b09d00360eee9bca9ab6e9ce65Authomize_v2_CL
155368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:33.513 AMd74e154cbcd267863ad5c48362c4dce8914386e63/6/2023, 11:40:34.585 PM5/2/2023, 12:41:20.128 AM[ { "id": "bb786de8906e3dfad445d7d07466796ebb50eb1b", "name": "privesc15-PassExistingRoleToNewLambdaThenInvoke", "object": "asset", "originId": null, "originType": "PolicyResource" }, { "id": "2cee0622e84e4f94a1f24fc77499544568f77d30", "name": "lambda-func-support", "object": "identity", "email": null }, { "id": "fe16ab49a795d70edacfdf439cc0752db26edd6a", "name": "lambda-func-support", "object": "account", "originId": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319598391723195983Stale AWS policy attachment to identity88391681312Unused policies should be detached from lambda-func-supportlambda-func-support hasn't used the Policy privesc15-PassExistingRoleToNewLambdaThenInvoke during the past 30 days.falsehttps://msftriskyuser.authomize.com/incidents/d74e154cbcd267863ad5c48362c4dce8914386e6Authomize_v2_CL
156368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:33.513 AMabb89329fbbeef5eba3fd18ef8b73ed5f09b3b523/6/2023, 11:40:29.755 PM5/2/2023, 12:41:18.459 AM[ { "id": "a2759a42abaeff2c8d666658ff7d13841150277d", "name": "mount_secret_job_policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 291883359082, or the way you manage user assignment to rolesRemove the policy mount_secret_job_policy completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy mount_secret_job_policy haven't been used during the last 30 days in account 291883359082, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/abb89329fbbeef5eba3fd18ef8b73ed5f09b3b52Authomize_v2_CL
157368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:33.513 AM68571dfba620fc70c325fa20d3cb45ae8c51d1713/6/2023, 11:40:29.745 PM5/2/2023, 12:41:18.460 AM[ { "id": "dc007a611e29f71988e312d277c9f8f7eb3e503d", "name": "csi_driver_policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 291883359082, or the way you manage user assignment to rolesRemove the policy csi_driver_policy completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy csi_driver_policy haven't been used during the last 30 days in account 291883359082, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/68571dfba620fc70c325fa20d3cb45ae8c51d171Authomize_v2_CL
158368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:33.513 AMfd8112a800b184a03e961f25bb5f70a6e1455e703/6/2023, 11:40:29.739 PM5/2/2023, 12:41:18.460 AM[ { "id": "7b79a12d8ee42b00f12725c3fc67fe3f4d865eda", "name": "argocd-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 291883359082, or the way you manage user assignment to rolesRemove the policy argocd-policy completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy argocd-policy haven't been used during the last 30 days in account 291883359082, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/fd8112a800b184a03e961f25bb5f70a6e1455e70Authomize_v2_CL
159368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:33.513 AM0b40d230b1663617734e45f8a9e02c919ee8b3eb3/6/2023, 11:40:29.733 PM5/2/2023, 12:41:18.459 AM[ { "id": "f857df2d21bfff1a3eaeff0e5ee21a8948a7ad0e", "name": "jumpbox_policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 291883359082, or the way you manage user assignment to rolesRemove the policy jumpbox_policy completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy jumpbox_policy haven't been used during the last 30 days in account 291883359082, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/0b40d230b1663617734e45f8a9e02c919ee8b3ebAuthomize_v2_CL
160368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:33.513 AM14810114f8e8608a02f3e566a1ecac0d25d892cf3/6/2023, 11:40:29.723 PM5/2/2023, 12:41:18.458 AM[ { "id": "4dd4b0d1c39a1a934bcc5026368d7f187e9f43db", "name": "authomize-jenkins-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 291883359082, or the way you manage user assignment to rolesRemove the policy authomize-jenkins-policy completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy authomize-jenkins-policy haven't been used during the last 30 days in account 291883359082, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/14810114f8e8608a02f3e566a1ecac0d25d892cfAuthomize_v2_CL
161368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:33.513 AM7c392962781c5a949421a81783ed1923b45733583/6/2023, 11:40:29.707 PM5/2/2023, 12:41:18.460 AM[ { "id": "f0e2e3faf45f5a71b75d78d6f153fd2fa30dc032", "name": "monitoring_policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 291883359082, or the way you manage user assignment to rolesRemove the policy monitoring_policy completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy monitoring_policy haven't been used during the last 30 days in account 291883359082, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/7c392962781c5a949421a81783ed1923b4573358Authomize_v2_CL
162368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.071 AM10027b10a6c6a488f647c21cdb27e9bbf92ba45d3/6/2023, 11:40:29.699 PM5/2/2023, 12:41:18.459 AM[ { "id": "17e6cc88313de9b78e9c9294f61fef08f9e4500f", "name": "IAMlistRolesAccounts", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy IAMlistRolesAccounts completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy IAMlistRolesAccounts haven't been used during the last 30 days in account 071186405907, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/10027b10a6c6a488f647c21cdb27e9bbf92ba45dAuthomize_v2_CL
163368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.071 AM427a6fcfcfa599854e5336ca8dc8278c4e00f3a43/6/2023, 11:40:29.678 PM5/2/2023, 12:41:18.459 AM[ { "id": "12e9434dbaf78fc54f667d6ceb570a95a9b0a463", "name": "allow-pass-role", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy allow-pass-role completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy allow-pass-role haven't been used during the last 30 days in account 071186405907, the policy is attached to 3 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/427a6fcfcfa599854e5336ca8dc8278c4e00f3a4Authomize_v2_CL
164368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.071 AMa42ea750e8b225e28b5c52230a2f6e58804024ca3/6/2023, 11:40:29.671 PM5/2/2023, 12:41:18.459 AM[ { "id": "289913f8294a9a91eea3c09925c324e2634c6e04", "name": "privesc1-CreateNewPolicyVersion", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy privesc1-CreateNewPolicyVersion completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy privesc1-CreateNewPolicyVersion haven't been used during the last 30 days in account 071186405907, the policy is attached to 2 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/a42ea750e8b225e28b5c52230a2f6e58804024caAuthomize_v2_CL
165368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.071 AMf80a685fd0b1c52f7eb7bb8974a524a1ca7204a13/6/2023, 11:40:29.665 PM5/2/2023, 12:41:18.459 AM[ { "id": "7bf141d4c7d9e848e4bbe7221618117dbc4ffcfc", "name": "privesc-high-priv-service-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy privesc-high-priv-service-policy completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy privesc-high-priv-service-policy haven't been used during the last 30 days in account 071186405907, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/f80a685fd0b1c52f7eb7bb8974a524a1ca7204a1Authomize_v2_CL
166368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.071 AM7087ca929b842f036820fe6c93ac9342407627bc3/6/2023, 11:40:29.659 PM5/2/2023, 12:41:18.460 AM[ { "id": "c7a0ad09d8e61ea968d3562c459965a4f147adef", "name": "admin-priv", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy admin-priv completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy admin-priv haven't been used during the last 30 days in account 071186405907, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/7087ca929b842f036820fe6c93ac9342407627bcAuthomize_v2_CL
167368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.071 AM8f15c98763f6efe465ec4b0790814b598464a7a13/6/2023, 11:40:29.619 PM5/2/2023, 12:41:18.459 AM[ { "id": "bb786de8906e3dfad445d7d07466796ebb50eb1b", "name": "privesc15-PassExistingRoleToNewLambdaThenInvoke", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy privesc15-PassExistingRoleToNewLambdaThenInvoke completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy privesc15-PassExistingRoleToNewLambdaThenInvoke haven't been used during the last 30 days in account 071186405907, the policy is attached to 2 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/8f15c98763f6efe465ec4b0790814b598464a7a1Authomize_v2_CL
168368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.071 AM95d68246ee41bc2f303c9278f6091e61a58909933/6/2023, 11:40:29.609 PM5/2/2023, 12:41:18.458 AM[ { "id": "2637e1d6674209b04deb80fc8ebac67bd02f024b", "name": "assume-admin-role", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy assume-admin-role completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy assume-admin-role haven't been used during the last 30 days in account 071186405907, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/95d68246ee41bc2f303c9278f6091e61a5890993Authomize_v2_CL
169368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.071 AMa6e4d322b22418afdf2698d9af7c6f91df10def53/6/2023, 11:40:29.603 PM5/2/2023, 12:41:18.459 AM[ { "id": "04c8b99fc389ce9a429a970f5adb9df182199431", "name": "iam_admin", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy iam_admin completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy iam_admin haven't been used during the last 30 days in account 071186405907, the policy is attached to 2 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/a6e4d322b22418afdf2698d9af7c6f91df10def5Authomize_v2_CL
170368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.071 AM81b1f79ad612a8472d45aaa0e360aefff2c36aca3/6/2023, 11:40:29.587 PM5/2/2023, 12:41:18.459 AM[ { "id": "844a59bcacd070e3e47759024aca96b5d6f05353", "name": "site-reliability-engineering", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy site-reliability-engineering completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy site-reliability-engineering haven't been used during the last 30 days in account 071186405907, the policy is attached to 2 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/81b1f79ad612a8472d45aaa0e360aefff2c36acaAuthomize_v2_CL
171368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.071 AM7957dba40309d9c6f1d6337d1df0c916fbfe5cb73/6/2023, 11:40:29.575 PM5/2/2023, 12:41:18.460 AM[ { "id": "05096bd26f6118e7f0b93bfd37a9a955d1197518", "name": "run-ec2-instances", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy run-ec2-instances completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy run-ec2-instances haven't been used during the last 30 days in account 071186405907, the policy is attached to 2 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/7957dba40309d9c6f1d6337d1df0c916fbfe5cb7Authomize_v2_CL
172368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.767 AM31268b0969aff0de03825871a5d33902c5bed1e33/6/2023, 11:40:29.564 PM5/2/2023, 12:41:18.458 AM[ { "id": "1416aeae90186286c0c23cfe54331f3e6db256ee", "name": "trust_policy_for_empty_assume_role", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Least Privilege[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319506691723195066Unused IaaS Policy88391682078Go to AWS console, access account 071186405907, or the way you manage user assignment to rolesRemove the policy trust_policy_for_empty_assume_role completely or remove if from any identity that has access to it (the list can be found in our identity page)The policy trust_policy_for_empty_assume_role haven't been used during the last 30 days in account 071186405907, the policy is attached to 1 identitiesfalsehttps://msftriskyuser.authomize.com/incidents/31268b0969aff0de03825871a5d33902c5bed1e3Authomize_v2_CL
173368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.767 AM91f881e8588cbb26f5c35273585f50e3360b5f133/6/2023, 11:40:24.772 PM5/2/2023, 12:41:10.566 AM[ { "id": "94e6fb9f06d851fca4a6342c3eaec0cce38a4806", "name": "AssumeAnyRole", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy AssumeAnyRole is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/91f881e8588cbb26f5c35273585f50e3360b5f13Authomize_v2_CL
174368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.767 AM6ab791930df659941d858066e725767b116bc7143/6/2023, 11:40:24.763 PM5/2/2023, 12:41:10.565 AM[ { "id": "2fb0de8b8bf6a2b98ac7073a075342218f4e6fee", "name": "assume_role_user_lister", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy assume_role_user_lister is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/6ab791930df659941d858066e725767b116bc714Authomize_v2_CL
175368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.767 AM9630fdd50e89cf0093d56b93aa3778733c048c003/6/2023, 11:40:24.753 PM5/2/2023, 12:41:10.565 AM[ { "id": "7e55583466701f3f1b8bcf23aeb025424796243f", "name": "SingleRoleAssue", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy SingleRoleAssue is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/9630fdd50e89cf0093d56b93aa3778733c048c00Authomize_v2_CL
176368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.767 AM774018ea25a934ff992ce10dab37dafae89101fb3/6/2023, 11:40:24.744 PM5/2/2023, 12:41:10.565 AM[ { "id": "3e68b64bfd2ba8d7205e3361d598b23692776f30", "name": "limitfiverr", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy limitfiverr is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/774018ea25a934ff992ce10dab37dafae89101fbAuthomize_v2_CL
177368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.767 AM0391d52c0b5b993cc69c7fa59f71b0131aa69c613/6/2023, 11:40:24.734 PM5/2/2023, 12:41:10.566 AM[ { "id": "a6359d5ca9e4a97c361719f49d7db9add722f71c", "name": "ram_list_resources", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy ram_list_resources is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/0391d52c0b5b993cc69c7fa59f71b0131aa69c61Authomize_v2_CL
178368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.767 AM10bb250af6005cd1bcca5eda0fc1bdb81596027a3/6/2023, 11:40:24.727 PM5/2/2023, 12:41:10.565 AM[ { "id": "e6987336220dd33584ff7475bee1ab54e34e0184", "name": "OktaMasterAccountPolicy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy OktaMasterAccountPolicy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/10bb250af6005cd1bcca5eda0fc1bdb81596027aAuthomize_v2_CL
179368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.767 AM108c2df128bce4109708f77b885cdc4ebd54e4013/6/2023, 11:40:24.715 PM5/2/2023, 12:41:10.566 AM[ { "id": "631d5fc888b97043e825b91514f683ed2c249e77", "name": "EXP", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy EXP is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/108c2df128bce4109708f77b885cdc4ebd54e401Authomize_v2_CL
180368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.767 AM4bbc8ef8c44b5358a762ada0151ec38f4ff6e6733/6/2023, 11:40:24.706 PM5/2/2023, 12:41:10.566 AM[ { "id": "3962e254167271d2277e30be117a31d594c477e0", "name": "UserPolicyAttacher", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy UserPolicyAttacher is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/4bbc8ef8c44b5358a762ada0151ec38f4ff6e673Authomize_v2_CL
181368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:35.767 AM8a2007628804a462c44246b0122fba5940969e203/6/2023, 11:40:24.695 PM5/2/2023, 12:41:10.566 AM[ { "id": "4945f361807cd1c186d79cadc9de41033e2e5499", "name": "NamedGroupPermissionManager", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy NamedGroupPermissionManager is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/8a2007628804a462c44246b0122fba5940969e20Authomize_v2_CL
182368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:37.071 AM6a7f0c02d7c939392b6df6b8a4ebd93da035914d3/6/2023, 11:40:24.679 PM5/2/2023, 12:41:10.566 AM[ { "id": "a77c75c59ab5018635f4ddfb19d88d22cbb89f3b", "name": "assume_all_roles", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy assume_all_roles is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/6a7f0c02d7c939392b6df6b8a4ebd93da035914dAuthomize_v2_CL
183368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:37.071 AMecfe31419d4532cc756383c3596763616f7006413/6/2023, 11:40:24.669 PM5/2/2023, 12:41:10.565 AM[ { "id": "d44c62a3cd37182adec884a1d67ca22db4837b76", "name": "ALBIngressControllerIAMPolicy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy ALBIngressControllerIAMPolicy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/ecfe31419d4532cc756383c3596763616f700641Authomize_v2_CL
184368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:37.071 AM5ae2509d51eabf5555e7e8604f2ac617ff3959a53/6/2023, 11:40:24.663 PM5/2/2023, 12:41:10.566 AM[ { "id": "643e13ad00cfd39c99fbe6357102b8f26b133b20", "name": "ingressController-iam-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy ingressController-iam-policy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/5ae2509d51eabf5555e7e8604f2ac617ff3959a5Authomize_v2_CL
185368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:37.071 AM5f6e8ba92f84a2354dc12aa993a49ad6c610c9c13/6/2023, 11:40:24.653 PM5/2/2023, 12:41:10.565 AM[ { "id": "88d511eab55ea61fcf68899fd2cf908422278ad8", "name": "ECR-Public-Read", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy ECR-Public-Read is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/5f6e8ba92f84a2354dc12aa993a49ad6c610c9c1Authomize_v2_CL
186368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:37.071 AM4e84c6a5001c60119b9a06ee1e8df58775541a0a3/6/2023, 11:40:24.643 PM5/2/2023, 12:41:10.566 AM[ { "id": "6e99ee0a4102da4da954a2e98e4e318d4604c83b", "name": "NamedGroupsEditPolicy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy NamedGroupsEditPolicy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/4e84c6a5001c60119b9a06ee1e8df58775541a0aAuthomize_v2_CL
187368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:37.071 AM1e13d1add8b7ae9ec6b8446ae9d6e1ee6e89b61e3/6/2023, 11:40:24.638 PM5/2/2023, 12:41:10.566 AM[ { "id": "07380f246cab87c62e632cc1b1faa3151deb60ba", "name": "ASG-Policy-For-Worker", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy ASG-Policy-For-Worker is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/1e13d1add8b7ae9ec6b8446ae9d6e1ee6e89b61eAuthomize_v2_CL
188368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:37.071 AM1a093553e9212e51ae10bde42a384b59d038f6423/6/2023, 11:40:24.629 PM5/2/2023, 12:41:10.566 AM[ { "id": "eaec63f3d517b41633859943351852f93d40c2a2", "name": "ECR-Privvate-Read", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy ECR-Privvate-Read is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/1a093553e9212e51ae10bde42a384b59d038f642Authomize_v2_CL
189368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:37.071 AMaf51f28cfec83f294e0b51ad142a72b5287143223/6/2023, 11:40:24.623 PM5/2/2023, 12:41:10.566 AM[ { "id": "202c0a7bd2f8948fadb9e13c27b1d8be15c99ecb", "name": "access", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy access is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/af51f28cfec83f294e0b51ad142a72b528714322Authomize_v2_CL
190368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:37.071 AM61c3a7ce6f20d69f89a4d91ff5d100cc996fca4a3/6/2023, 11:40:24.616 PM5/2/2023, 12:41:10.565 AM[ { "id": "889c2f0a337ec21ca973f42deec14ccbb0a46f0d", "name": "RolePolicyAttacher", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy RolePolicyAttacher is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/61c3a7ce6f20d69f89a4d91ff5d100cc996fca4aAuthomize_v2_CL
191368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:37.071 AMda61799106dbb5cb09609a1317e845cd5bb13de83/6/2023, 11:40:24.609 PM5/2/2023, 12:41:10.564 AM[ { "id": "2adb13643a2fd9f3f14bde8aec9db3db77d11eb0", "name": "test_ec2_policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy test_ec2_policy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/da61799106dbb5cb09609a1317e845cd5bb13de8Authomize_v2_CL
192368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:38.461 AMf80508e14d5e7e3923bc7f91f91818eca04079b33/6/2023, 11:40:24.600 PM5/2/2023, 12:41:10.564 AM[ { "id": "f39dfeb11fca74e3116bc12be1d2f3f926bb4ba8", "name": "privesc21-PassExistingRoleToNewDataPipeline", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc21-PassExistingRoleToNewDataPipeline is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/f80508e14d5e7e3923bc7f91f91818eca04079b3Authomize_v2_CL
193368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:38.461 AMbf700f07c895b3587c35add251dfcc57011cecbb3/6/2023, 11:40:24.594 PM5/2/2023, 12:41:10.566 AM[ { "id": "c3e8ecd135424d3b9c508d0e930874a03c707dec", "name": "privesc14-UpdatingAssumeRolePolicy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc14-UpdatingAssumeRolePolicy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/bf700f07c895b3587c35add251dfcc57011cecbbAuthomize_v2_CL
194368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:38.461 AMe864f70ba849c100ec0ec5b3ea6eaaf6a9251da13/6/2023, 11:40:24.583 PM5/2/2023, 12:41:10.565 AM[ { "id": "336bcc6b56724bd5a4f326a944675f1a8eb0755b", "name": "privesc16-PassRoleToNewLambdaThenTriggerWithNewDynamo", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc16-PassRoleToNewLambdaThenTriggerWithNewDynamo is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/e864f70ba849c100ec0ec5b3ea6eaaf6a9251da1Authomize_v2_CL
195368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:38.461 AMc0249f21c273a75973a603ff441be4bb443d6f363/6/2023, 11:40:24.575 PM5/2/2023, 12:41:10.566 AM[ { "id": "f1a446520920356c69c8e26786f737fee1eea214", "name": "privesc2-SetExistingDefaultPolicyVersion", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc2-SetExistingDefaultPolicyVersion is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/c0249f21c273a75973a603ff441be4bb443d6f36Authomize_v2_CL
196368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:38.461 AM570535c84a8f73ac08e35858a77dac7bbeacc0233/6/2023, 11:40:24.569 PM5/2/2023, 12:41:10.566 AM[ { "id": "0459ec13b41db57dfdff472abe0c419b313e4b1e", "name": "privesc18-PassExistingRoleToNewGlueDevEndpoint", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc18-PassExistingRoleToNewGlueDevEndpoint is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/570535c84a8f73ac08e35858a77dac7bbeacc023Authomize_v2_CL
197368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:38.461 AMf326f3fa06c2526eff714c3ad6a4baf01ec2c2203/6/2023, 11:40:24.563 PM5/2/2023, 12:41:10.565 AM[ { "id": "fa6557c3fe693af455ed653406d23238e3c1e306", "name": "allow-ec2-connection-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy allow-ec2-connection-policy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/f326f3fa06c2526eff714c3ad6a4baf01ec2c220Authomize_v2_CL
198368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:38.461 AM786d92b788966c9d571dc667f759021a7874ea293/6/2023, 11:40:24.558 PM5/2/2023, 12:41:10.565 AM[ { "id": "e33b7a3dcf6e35d27bb2b90a25d1aa80c3e53ab7", "name": "fn4-exploitableNotAction", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy fn4-exploitableNotAction is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/786d92b788966c9d571dc667f759021a7874ea29Authomize_v2_CL
199368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:38.461 AM62a0ba10aa020eb0000b7d5d08df30302f979d563/6/2023, 11:40:24.552 PM5/2/2023, 12:41:10.564 AM[ { "id": "4cb81b74f6a2c47ee9b6c79332abab6bc5d78ed7", "name": "privesc-sageMakerCreatePresignedNotebookURL-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc-sageMakerCreatePresignedNotebookURL-policy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/62a0ba10aa020eb0000b7d5d08df30302f979d56Authomize_v2_CL
200368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:38.461 AM5538c95091ad5a41f777898989f6fe048d8ebd183/6/2023, 11:40:24.545 PM5/2/2023, 12:41:10.564 AM[ { "id": "6e8ca22b022d4ff402662707a867f395acc95919", "name": "fn2-exploitableResourceConstraint", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy fn2-exploitableResourceConstraint is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/5538c95091ad5a41f777898989f6fe048d8ebd18Authomize_v2_CL
201368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:38.461 AMe2f07a8fdd896007e4b1f911221f97e926b782713/6/2023, 11:40:24.538 PM5/2/2023, 12:41:10.564 AM[ { "id": "0afd80657a46a13500cb9decc7a834b5d86c5c9b", "name": "privesc12-PutRolePolicy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc12-PutRolePolicy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/e2f07a8fdd896007e4b1f911221f97e926b78271Authomize_v2_CL
202368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:39.458 AM61eafffa6c6f1a26cde596ad510a1856962decb23/6/2023, 11:40:24.527 PM5/2/2023, 12:41:10.564 AM[ { "id": "ba0985c76e6ae5734da778d25afc52e38767bd31", "name": "privesc9-AttachRolePolicy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc9-AttachRolePolicy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/61eafffa6c6f1a26cde596ad510a1856962decb2Authomize_v2_CL
203368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:39.458 AMedcae24863caa368dfd698645d2edc2bb8ee8a493/6/2023, 11:40:24.519 PM5/2/2023, 12:41:10.564 AM[ { "id": "3f37bbf4634032626d4cd04a049eeebebb07e057", "name": "allow-attaching-group-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy allow-attaching-group-policy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/edcae24863caa368dfd698645d2edc2bb8ee8a49Authomize_v2_CL
204368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:39.458 AM7e03c2b9e314f1c738f331b45ca42ce6683558fd3/6/2023, 11:40:24.510 PM5/2/2023, 12:41:10.565 AM[ { "id": "54c76281d3e30961863d8f56620d8c5ecef4eb73", "name": "attach-role-to-user", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy attach-role-to-user is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/7e03c2b9e314f1c738f331b45ca42ce6683558fdAuthomize_v2_CL
205368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:39.458 AM590d2ca3d5db919e14be7e8e3f85e305ff5ac7f03/6/2023, 11:40:24.503 PM5/2/2023, 12:41:10.566 AM[ { "id": "2608273e98a170f50b473b260dac619c9da9b42b", "name": "privesc3-CreateEC2WithExistingInstanceProfile", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc3-CreateEC2WithExistingInstanceProfile is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/590d2ca3d5db919e14be7e8e3f85e305ff5ac7f0Authomize_v2_CL
206368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:39.458 AM157bbb8855f7362f590ee836f9b23e02e4b214f73/6/2023, 11:40:24.491 PM5/2/2023, 12:41:10.566 AM[ { "id": "4648e13068f749c36e268488e838e777c2035978", "name": "fp4-nonExploitableResourceConstraint", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy fp4-nonExploitableResourceConstraint is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/157bbb8855f7362f590ee836f9b23e02e4b214f7Authomize_v2_CL
207368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:39.458 AMd1fa4a5755dec5feca872f3c134641c8df3dbd903/6/2023, 11:40:24.477 PM5/2/2023, 12:41:10.566 AM[ { "id": "5372b8ab7c06a3c604f8484c7509bcc7b3b0cbd4", "name": "privesc-sageMakerCreateProcessingJobPassRole-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc-sageMakerCreateProcessingJobPassRole-policy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/d1fa4a5755dec5feca872f3c134641c8df3dbd90Authomize_v2_CL
208368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:39.458 AM01d383fb3b5275ca7f2ab284b487cc43dc3460d13/6/2023, 11:40:24.470 PM5/2/2023, 12:41:10.565 AM[ { "id": "38b90880fbbf131a2230eafe80609923f11448d0", "name": "privesc19-UpdateExistingGlueDevEndpoint", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc19-UpdateExistingGlueDevEndpoint is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/01d383fb3b5275ca7f2ab284b487cc43dc3460d1Authomize_v2_CL
209368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:39.458 AM54c8f5b903fe3a9c84dbbd31f3b0125d829a2abd3/6/2023, 11:40:24.463 PM5/2/2023, 12:41:10.564 AM[ { "id": "6675a9d9f66cfd3eb3a96ab0a52417600ac7f0cc", "name": "create-access-keys", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy create-access-keys is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/54c8f5b903fe3a9c84dbbd31f3b0125d829a2abdAuthomize_v2_CL
210368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:39.458 AMdb6851995dc0dee42871bec59fd02ed4a5ff85003/6/2023, 11:40:24.455 PM5/2/2023, 12:41:10.564 AM[ { "id": "7e53c3fa7e29d1393a4b8dee742523231e53118b", "name": "privesc17-EditExistingLambdaFunctionWithRole", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc17-EditExistingLambdaFunctionWithRole is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/db6851995dc0dee42871bec59fd02ed4a5ff8500Authomize_v2_CL
211368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:39.458 AM445deea8d90d5c6790b575fdc5bd9a25d288e3d23/6/2023, 11:40:24.447 PM5/2/2023, 12:41:10.564 AM[ { "id": "fcdc1ca6686c86d58dc2af2b40c67b0988721d1c", "name": "privesc-sageMakerCreateTrainingJobPassRole-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc-sageMakerCreateTrainingJobPassRole-policy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/445deea8d90d5c6790b575fdc5bd9a25d288e3d2Authomize_v2_CL
212368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:40.415 AMc33d7cc37d015addee42f31e920a4dd51e0e4c193/6/2023, 11:40:24.435 PM5/2/2023, 12:41:10.566 AM[ { "id": "a6bffe66d5d9072a8a786795e098f482fc15f327", "name": "privesc-CloudFormationUpdateStack", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc-CloudFormationUpdateStack is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/c33d7cc37d015addee42f31e920a4dd51e0e4c19Authomize_v2_CL
213368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:40.415 AM041e3026fd1d5374d997cf0b66ee18d0df0967b73/6/2023, 11:40:24.419 PM5/2/2023, 12:41:10.566 AM[ { "id": "d9b3cfcdfca7369d0ad3decbd61d3c1679266295", "name": "privesc-ssmStartSession-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc-ssmStartSession-policy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/041e3026fd1d5374d997cf0b66ee18d0df0967b7Authomize_v2_CL
214368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:40.415 AMe412222cc4542b5795b4131f29444701090e92e33/6/2023, 11:40:24.412 PM5/2/2023, 12:41:10.564 AM[ { "id": "764d204cd3e35923dd11eac6d5af2da5c2bccaac", "name": "privesc-sageMakerCreateNotebookPassRole-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc-sageMakerCreateNotebookPassRole-policy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/e412222cc4542b5795b4131f29444701090e92e3Authomize_v2_CL
215368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:40.415 AM989657ac4b458f30760eaac2cb55086f13d5ad383/6/2023, 11:40:24.406 PM5/2/2023, 12:41:10.565 AM[ { "id": "56b31e48a5454a5f93e287e782ea23c157ab74a6", "name": "privesc13-AddUserToGroup", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc13-AddUserToGroup is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/989657ac4b458f30760eaac2cb55086f13d5ad38Authomize_v2_CL
216368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:40.415 AM7f77cc3bca5f1523214345816c61af46adb062a23/6/2023, 11:40:24.394 PM5/2/2023, 12:41:10.565 AM[ { "id": "dfb45cbf132af73decf83b3b2c5b129138eecab6", "name": "fp5-nonExploitableConditionConstraint", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy fp5-nonExploitableConditionConstraint is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/7f77cc3bca5f1523214345816c61af46adb062a2Authomize_v2_CL
217368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:40.415 AMd764940905162756577c5b99e6858f39d54065c33/6/2023, 11:40:24.383 PM5/2/2023, 12:41:10.566 AM[ { "id": "5ff083fb125858b500ed19c5236735f102245c55", "name": "privesc-codeBuildCreateProjectPassRole-policy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc-codeBuildCreateProjectPassRole-policy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/d764940905162756577c5b99e6858f39d54065c3Authomize_v2_CL
218368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:40.415 AMdedb154170ad186b12a7c7ff6cfdc664fae23bec3/6/2023, 11:40:24.373 PM5/2/2023, 12:41:10.564 AM[ { "id": "907618a03fae8ab142b12f70a0814ad9b581647b", "name": "rndGroup", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy rndGroup is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/dedb154170ad186b12a7c7ff6cfdc664fae23becAuthomize_v2_CL
219368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:40.415 AM0fc94da3978171868c9ef3b78fcea9072de7ffec3/6/2023, 11:40:24.367 PM5/2/2023, 12:41:10.565 AM[ { "id": "8b96d0a6d33a372093a7805d013ea0dcf9cf6049", "name": "privesc10-PutUserPolicy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc10-PutUserPolicy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/0fc94da3978171868c9ef3b78fcea9072de7ffecAuthomize_v2_CL
220368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:40.415 AM14ac67a0b2da26af8e703c9bbd2722ec64fd480b3/6/2023, 11:40:24.356 PM5/2/2023, 12:41:10.565 AM[ { "id": "dccbdcd8d0e3be76498a70f58fa383331fe9c1da", "name": "privesc11-PutGroupPolicy", "object": "asset", "originId": null, "originType": "PolicyResource" } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Misconfiguration[ "Initial Access", "Privilege Escalation" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-05" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-08" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenLow9172319271191723192711IaaS policy not attached to any identity88391680491It is recommended to delete the detached policy to reduce the potential risk of an insider threat or in case of an attack.User defined AWS policy privesc11-PutGroupPolicy is not attached to any identity (User, Group or Role).falsehttps://msftriskyuser.authomize.com/incidents/14ac67a0b2da26af8e703c9bbd2722ec64fd480bAuthomize_v2_CL
221368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:40.415 AM39fa19610a14b57db0b18ae7b314a4283bd229333/6/2023, 11:40:18.948 PM5/2/2023, 12:41:13.705 AM[ { "id": "04d5be4fda16548fdc0b0c7a20701cc4a108a769", "name": "AuthomizeCustomerRoleAssumer", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user AuthomizeCustomerRoleAssumer was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/39fa19610a14b57db0b18ae7b314a4283bd22933Authomize_v2_CL
222368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:43.186 AM30ec975e87c20a08ca4c4e3e5b82b3ec027a20503/6/2023, 11:36:42.350 PM5/2/2023, 12:34:25.595 AM[ { "id": "9cc92bab3b013e0b94caf1e21ec49f1dde3cf0d6", "name": "rnd-instance-managment", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.rnd-instance-managment's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/30ec975e87c20a08ca4c4e3e5b82b3ec027a2050Authomize_v2_CL
223368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:43.186 AM4c1f7b64ed843b0926f942006d6bdbae1ac683313/6/2023, 11:36:42.339 PM5/2/2023, 12:34:25.595 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.cli user's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/4c1f7b64ed843b0926f942006d6bdbae1ac68331Authomize_v2_CL
224368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:43.186 AMa69fc53f9ae6975cf5db19d8cb1b71af5bd3e7c93/6/2023, 11:36:42.327 PM5/2/2023, 12:34:25.593 AM[ { "id": "04d5be4fda16548fdc0b0c7a20701cc4a108a769", "name": "AuthomizeCustomerRoleAssumer", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.AuthomizeCustomerRoleAssumer's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/a69fc53f9ae6975cf5db19d8cb1b71af5bd3e7c9Authomize_v2_CL
225368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:43.186 AM776ab648e18d953a911aae8108664bd20c9088b03/6/2023, 11:36:42.314 PM5/2/2023, 12:34:25.593 AM[ { "id": "6147e2cb17bb389c1d97e274e0e844d1a30f3763", "name": "rnd-management", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.rnd-management's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/776ab648e18d953a911aae8108664bd20c9088b0Authomize_v2_CL
226368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:43.186 AM95714d0180599afd9f0c53467108cf8aecc3ba3d3/6/2023, 11:36:42.259 PM5/2/2023, 12:34:25.594 AM[ { "id": "0dc77cd79ca8e4a97c12db8241463a9615d8f7f6", "name": "devop-admin", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.devop-admin's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/95714d0180599afd9f0c53467108cf8aecc3ba3dAuthomize_v2_CL
227368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:43.186 AM1c551fef10057105b23b1f4527d8bfd7d14d071c3/6/2023, 11:36:42.243 PM5/2/2023, 12:34:25.595 AM[ { "id": "cba1878c0d07a5530b835a9198cd67dd3ab99502", "name": "AuthomizeMasterAccountUser", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.AuthomizeMasterAccountUser's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/1c551fef10057105b23b1f4527d8bfd7d14d071cAuthomize_v2_CL
228368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:43.186 AM255239611c963d6c3ec77cf172efc0aad778a9343/6/2023, 11:36:42.227 PM5/2/2023, 12:34:25.596 AM[ { "id": "ef1aaecb0869343318c6e4af3e9bfe0326a68d9c", "name": "phillip carpenter@acme com", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.phillip carpenter@acme com's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/255239611c963d6c3ec77cf172efc0aad778a934Authomize_v2_CL
229368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:43.186 AM09dd26897427301b15c0feee652874027e5bc87e3/6/2023, 11:36:42.219 PM5/2/2023, 12:34:25.594 AM[ { "id": "95fb6c89a1dcd4d27797905a128aee1cef508898", "name": "role chaining user", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.role chaining user's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/09dd26897427301b15c0feee652874027e5bc87eAuthomize_v2_CL
230368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:43.186 AMf57a9e43ff6bfe070a505ea3881d11dce74338433/6/2023, 11:36:42.212 PM5/2/2023, 12:34:25.595 AM[ { "id": "725737663b035a749c31dd80746bf014d1847f00", "name": "OktaSSOuser", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.1.2", "A.9.2.2", "A.9.4.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-05", "IAM-02" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh7470532143674705321436Access to AWS without MFA74701855853Require MFA for all IAM users Require MFA for all users in your IdP. If that is not possible, make sure that those with access to IaaS environments have MFA enabled.OktaSSOuser's AWS account does not have MFA enabledfalsehttps://msftriskyuser.authomize.com/incidents/f57a9e43ff6bfe070a505ea3881d11dce7433843Authomize_v2_CL
231368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:43.186 AMd30fb76dc16e1c18a7bbfab70c6f49d2239b1efb3/6/2023, 8:38:44.202 PM5/2/2023, 12:41:13.706 AM[ { "id": "2cee0622e84e4f94a1f24fc77499544568f77d30", "name": "lambda-func-support", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user lambda-func-support was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/d30fb76dc16e1c18a7bbfab70c6f49d2239b1efbAuthomize_v2_CL
232368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:44.964 AM14a526a1f08b56c075f0cb449579fe77dd37c4743/6/2023, 8:38:44.197 PM5/2/2023, 12:41:13.705 AM[ { "id": "bf2be9d8713021d095f0f043f73a9234ca5ed1cc", "name": "manage-policies", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user manage-policies was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/14a526a1f08b56c075f0cb449579fe77dd37c474Authomize_v2_CL
233368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:44.964 AM55217a541115a6f7a4848f9ca22303660a39a6b63/6/2023, 8:38:44.190 PM5/2/2023, 12:41:13.705 AM[ { "id": "b21f017e7fdd4b5079fd2d43dd37ef34b6b8c48b", "name": "kim rice@acme com", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user kim rice@acme com was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/55217a541115a6f7a4848f9ca22303660a39a6b6Authomize_v2_CL
234368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:44.964 AM0eb679a0e3bf1cad6aea127508e5a63709b5f3103/6/2023, 8:38:44.184 PM5/2/2023, 12:41:13.705 AM[ { "id": "9cc92bab3b013e0b94caf1e21ec49f1dde3cf0d6", "name": "rnd-instance-managment", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user rnd-instance-managment was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/0eb679a0e3bf1cad6aea127508e5a63709b5f310Authomize_v2_CL
235368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:44.964 AM905a600894718b5457867c79f835dd06c5edee413/6/2023, 8:38:44.178 PM5/2/2023, 12:41:13.706 AM[ { "id": "45497fa17b3f81d87119984b947b48658ba28cf0", "name": "cli user", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user cli user was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/905a600894718b5457867c79f835dd06c5edee41Authomize_v2_CL
236368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:44.964 AM92f1281372193dbb554c513fd05fb0671f3414ad3/6/2023, 8:38:44.171 PM5/2/2023, 12:41:13.706 AM[ { "id": "6147e2cb17bb389c1d97e274e0e844d1a30f3763", "name": "rnd-management", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user rnd-management was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/92f1281372193dbb554c513fd05fb0671f3414adAuthomize_v2_CL
237368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:44.964 AMffc17506a5d91acda8dc66470040bc361262294f3/6/2023, 8:38:44.165 PM5/2/2023, 12:41:13.704 AM[ { "id": "0dc77cd79ca8e4a97c12db8241463a9615d8f7f6", "name": "devop-admin", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user devop-admin was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/ffc17506a5d91acda8dc66470040bc361262294fAuthomize_v2_CL
238368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:44.964 AMb866d3b2266d6c4440f76146e5d95077406602ea3/6/2023, 8:38:44.159 PM5/2/2023, 12:41:13.704 AM[ { "id": "ef1aaecb0869343318c6e4af3e9bfe0326a68d9c", "name": "phillip carpenter@acme com", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user phillip carpenter@acme com was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/b866d3b2266d6c4440f76146e5d95077406602eaAuthomize_v2_CL
239368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:44.964 AMa4c18c14289f657e683cc9a6d1bd523581d350243/6/2023, 8:38:44.153 PM5/2/2023, 12:41:13.706 AM[ { "id": "95fb6c89a1dcd4d27797905a128aee1cef508898", "name": "role chaining user", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user role chaining user was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/a4c18c14289f657e683cc9a6d1bd523581d35024Authomize_v2_CL
240368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:44.964 AMa9a1ca4f09a05aafc5e292c6d76183aa6ecf55a53/6/2023, 8:38:44.147 PM5/2/2023, 12:41:13.704 AM[ { "id": "725737663b035a749c31dd80746bf014d1847f00", "name": "OktaSSOuser", "object": "identity", "email": null } ][ { "id": "8b2864988275496f8e94fc5b44f6d55d08555033", "name": "AWS" } ]Privileged Access[][ { "values": [ "5.1", "3.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC3.3" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][]OpenHigh9172319074691723190746Detect AWS IAM Users88391685076Make sure this IAM account is necessary If this account is temporary, remember to deactivate or remove it once not required anymore.IAM user OktaSSOuser was detected in AWS.falsehttps://msftriskyuser.authomize.com/incidents/a9a1ca4f09a05aafc5e292c6d76183aa6ecf55a5Authomize_v2_CL
241368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:44.964 AM1ec844535eb59cacbaca61d6ddb3678321cdf7ff2/1/2023, 10:03:15.600 PM5/2/2023, 12:40:41.608 AM[ { "id": "c90c8f880f8fa9051f380714b2f94434184cd3fd", "name": "Joni Sherman", "object": "identity", "email": null } ][ { "id": "7c723f6aaa1d472954f30719c1c13b2d82ae60ec", "name": "RiskyUser" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7938538777379385387773Risky Users with no MFA78651533898Ensure that Joni Sherman enables MFA.Customized Integration user Joni Sherman has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/1ec844535eb59cacbaca61d6ddb3678321cdf7ffAuthomize_v2_CL
242368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:46.273 AM8c9d13c1597e82bb11e9aabc8dc9588ab921fcdc1/25/2023, 10:02:38.117 PM5/2/2023, 12:40:41.608 AM[ { "id": "b7fa3acc7b77a24339605577446a5cf103fb2c00", "name": "Henrietta Mueller", "object": "identity", "email": null } ][ { "id": "7c723f6aaa1d472954f30719c1c13b2d82ae60ec", "name": "RiskyUser" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7938538777379385387773Risky Users with no MFA78651533898Ensure that Henrietta Mueller enables MFA.Customized Integration user Henrietta Mueller has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/8c9d13c1597e82bb11e9aabc8dc9588ab921fcdcAuthomize_v2_CL
243368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:46.273 AMbb4c621c9e7e63c0fda6cdfaf08f8f097dbe61611/25/2023, 10:02:38.117 PM5/2/2023, 12:40:41.609 AM[ { "id": "a43f28ae7266ddbe95a3dedacebc1d75d7ed0521", "name": "Lidia Holloway", "object": "identity", "email": null } ][ { "id": "7c723f6aaa1d472954f30719c1c13b2d82ae60ec", "name": "RiskyUser" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7938538777379385387773Risky Users with no MFA78651533898Ensure that Lidia Holloway enables MFA.Customized Integration user Lidia Holloway has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/bb4c621c9e7e63c0fda6cdfaf08f8f097dbe6161Authomize_v2_CL
244368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:46.273 AM25a7e28e71bc60c37c411e7427b30b8fe715fc871/25/2023, 10:01:26.875 PM5/2/2023, 12:38:43.836 AM[ { "id": "a536f7ea69a417200e5722a2373e6ffe8d3d147f", "name": "Steven Riley", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access", "Exfiltration" ][ { "values": [ "5.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Cloud Service Dashboard", "Cloud Service Discovery", "Account Manipulation", "Trusted Relationship", "Valid Accounts", "Transfer Data to Cloud Account" ]OpenHigh7470534547074705345470Admin SaaS account detected74701857152Limit the number of administrative access policies granted. Restricting administrative privileges is one of the most effective mitigation strategies in ensuring the security of systems.Administrator discoveredfalsehttps://msftriskyuser.authomize.com/incidents/25a7e28e71bc60c37c411e7427b30b8fe715fc87Authomize_v2_CL
245368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:46.273 AM3a13ac12250841057b4531f0499c52bf51ad53531/25/2023, 10:01:26.875 PM5/2/2023, 12:38:43.836 AM[ { "id": "81c7a1ed4a05cb47ce02dd9f0ebe3fb1d2756d02", "name": "Global Administrator", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access", "Exfiltration" ][ { "values": [ "5.1" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.1", "A.8.1.1" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-10" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Cloud Service Dashboard", "Cloud Service Discovery", "Account Manipulation", "Trusted Relationship", "Valid Accounts", "Transfer Data to Cloud Account" ]OpenHigh7470534547074705345470Admin SaaS account detected74701857152Limit the number of administrative access policies granted. Restricting administrative privileges is one of the most effective mitigation strategies in ensuring the security of systems.Administrator discoveredfalsehttps://msftriskyuser.authomize.com/incidents/3a13ac12250841057b4531f0499c52bf51ad5353Authomize_v2_CL
246368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:46.273 AM065082465817601006bfe6a97aba2943b2dc75df1/25/2023, 10:01:18.383 PM5/2/2023, 12:37:45.984 AM[ { "id": "2fd124fdf3babe6ae53b1394d6eed9c0b9f18844", "name": "All Personal drives", "object": "asset", "originId": null, "originType": null }, { "id": "a536f7ea69a417200e5722a2373e6ffe8d3d147f", "name": "Steven Riley", "object": "identity", "email": null }, { "id": "3cbcaec94f6e10f6bd29da05adb4932cd246b496", "name": "Global Administrator", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" } ][ "Cloud Service Discovery" ]OpenHigh7470534481874705344818User assigned to a default admin role74701857498Never use default administrative roles unless you have no other option. Make sure users with administrative roles have separate accounts for daily work. Make sure MFA is enabled for this account.New default administrator role assignedfalsehttps://msftriskyuser.authomize.com/incidents/065082465817601006bfe6a97aba2943b2dc75dfAuthomize_v2_CL
247368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:46.273 AM11ae051c529eba27f239d85180a15e499a8f5edd1/25/2023, 10:01:18.383 PM5/2/2023, 12:37:45.984 AM[ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT", "object": "asset", "originId": null, "originType": null }, { "id": "a536f7ea69a417200e5722a2373e6ffe8d3d147f", "name": "Steven Riley", "object": "identity", "email": null }, { "id": "3cbcaec94f6e10f6bd29da05adb4932cd246b496", "name": "Global Administrator", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" } ][ "Cloud Service Discovery" ]OpenHigh7470534481874705344818User assigned to a default admin role74701857498Never use default administrative roles unless you have no other option. Make sure users with administrative roles have separate accounts for daily work. Make sure MFA is enabled for this account.New default administrator role assignedfalsehttps://msftriskyuser.authomize.com/incidents/11ae051c529eba27f239d85180a15e499a8f5eddAuthomize_v2_CL
248368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:46.273 AM25b8e5eff21aab55f359e7b329c16839ea8415d91/25/2023, 10:01:18.383 PM5/2/2023, 12:37:45.985 AM[ { "id": "f2ce75c849cb957db593ba1e3fe492a7284308b3", "name": "All Sharepoint drives", "object": "asset", "originId": null, "originType": null }, { "id": "a536f7ea69a417200e5722a2373e6ffe8d3d147f", "name": "Steven Riley", "object": "identity", "email": null }, { "id": "3cbcaec94f6e10f6bd29da05adb4932cd246b496", "name": "Global Administrator", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" } ][ "Cloud Service Discovery" ]OpenHigh7470534481874705344818User assigned to a default admin role74701857498Never use default administrative roles unless you have no other option. Make sure users with administrative roles have separate accounts for daily work. Make sure MFA is enabled for this account.New default administrator role assignedfalsehttps://msftriskyuser.authomize.com/incidents/25b8e5eff21aab55f359e7b329c16839ea8415d9Authomize_v2_CL
249368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:46.273 AM4928056997abcd97e044b73d123bdf054767f52e1/25/2023, 10:01:18.383 PM5/2/2023, 12:37:45.986 AM[ { "id": "fe985b202df8f2b487cba173cf6200e0733e63ab", "name": "MSFT", "object": "asset", "originId": null, "originType": null }, { "id": "a536f7ea69a417200e5722a2373e6ffe8d3d147f", "name": "Steven Riley", "object": "identity", "email": null }, { "id": "3cbcaec94f6e10f6bd29da05adb4932cd246b496", "name": "Global Administrator", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" } ][ "Cloud Service Discovery" ]OpenHigh7470534481874705344818User assigned to a default admin role74701857498Never use default administrative roles unless you have no other option. Make sure users with administrative roles have separate accounts for daily work. Make sure MFA is enabled for this account.New default administrator role assignedfalsehttps://msftriskyuser.authomize.com/incidents/4928056997abcd97e044b73d123bdf054767f52eAuthomize_v2_CL
250368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:46.273 AMca1b9b775244e1dee0834e9c6a6acc816c4aad831/25/2023, 10:01:18.383 PM5/2/2023, 12:37:45.986 AM[ { "id": "1441bd5dcf06ddc16a2215fe005fd11365e9e3ce", "name": "Microsoft MSFT", "object": "asset", "originId": null, "originType": null }, { "id": "a536f7ea69a417200e5722a2373e6ffe8d3d147f", "name": "Steven Riley", "object": "identity", "email": null }, { "id": "3cbcaec94f6e10f6bd29da05adb4932cd246b496", "name": "Global Administrator", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" } ][ "Cloud Service Discovery" ]OpenHigh7470534481874705344818User assigned to a default admin role74701857498Never use default administrative roles unless you have no other option. Make sure users with administrative roles have separate accounts for daily work. Make sure MFA is enabled for this account.New default administrator role assignedfalsehttps://msftriskyuser.authomize.com/incidents/ca1b9b775244e1dee0834e9c6a6acc816c4aad83Authomize_v2_CL
251368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:46.273 AMd944d6659d0ae6c4fa9c3b5d8e8a85c8a37b7e711/25/2023, 10:01:18.383 PM5/2/2023, 12:37:45.985 AM[ { "id": "006b9b5e1cfc7d074c318be3080c86f7e362f045", "name": "All Sharepoint sites", "object": "asset", "originId": null, "originType": null }, { "id": "a536f7ea69a417200e5722a2373e6ffe8d3d147f", "name": "Steven Riley", "object": "identity", "email": null }, { "id": "3cbcaec94f6e10f6bd29da05adb4932cd246b496", "name": "Global Administrator", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" } ][ "Cloud Service Discovery" ]OpenHigh7470534481874705344818User assigned to a default admin role74701857498Never use default administrative roles unless you have no other option. Make sure users with administrative roles have separate accounts for daily work. Make sure MFA is enabled for this account.New default administrator role assignedfalsehttps://msftriskyuser.authomize.com/incidents/d944d6659d0ae6c4fa9c3b5d8e8a85c8a37b7e71Authomize_v2_CL
252368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.224 AM791bf0246a04e89e2f334eb34d2142175c12ecda1/25/2023, 10:01:18.383 PM5/2/2023, 12:37:45.986 AM[ { "id": "fe985b202df8f2b487cba173cf6200e0733e63ab", "name": "MSFT", "object": "asset", "originId": null, "originType": null }, { "id": "d1b1eb2c80b6b6101d51f156ffc08b9c632d5575", "name": "Microsoft.Azure.SyncFabric", "object": "identity", "email": null }, { "id": "9da7d2882c8e561a9bf2c898425a6426dd5fb0cb", "name": "Directory Readers", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" } ][ "Cloud Service Discovery" ]OpenHigh7470534481874705344818User assigned to a default admin role74701857498Never use default administrative roles unless you have no other option. Make sure users with administrative roles have separate accounts for daily work. Make sure MFA is enabled for this account.New default administrator role assignedfalsehttps://msftriskyuser.authomize.com/incidents/791bf0246a04e89e2f334eb34d2142175c12ecdaAuthomize_v2_CL
253368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.224 AMb47b2341a5b1c7eee874c677f2d83f30f57b71131/25/2023, 10:01:18.383 PM5/2/2023, 12:37:45.987 AM[ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT", "object": "asset", "originId": null, "originType": null }, { "id": "d1b1eb2c80b6b6101d51f156ffc08b9c632d5575", "name": "Microsoft.Azure.SyncFabric", "object": "identity", "email": null }, { "id": "9da7d2882c8e561a9bf2c898425a6426dd5fb0cb", "name": "Directory Readers", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" } ][ "Cloud Service Discovery" ]OpenHigh7470534481874705344818User assigned to a default admin role74701857498Never use default administrative roles unless you have no other option. Make sure users with administrative roles have separate accounts for daily work. Make sure MFA is enabled for this account.New default administrator role assignedfalsehttps://msftriskyuser.authomize.com/incidents/b47b2341a5b1c7eee874c677f2d83f30f57b7113Authomize_v2_CL
254368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.224 AMdef97cb4841dcfd9008a23e66fc3165e4564e7461/25/2023, 10:01:18.383 PM5/2/2023, 12:37:45.987 AM[ { "id": "1441bd5dcf06ddc16a2215fe005fd11365e9e3ce", "name": "Microsoft MSFT", "object": "asset", "originId": null, "originType": null }, { "id": "d1b1eb2c80b6b6101d51f156ffc08b9c632d5575", "name": "Microsoft.Azure.SyncFabric", "object": "identity", "email": null }, { "id": "9da7d2882c8e561a9bf2c898425a6426dd5fb0cb", "name": "Directory Readers", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Privileged Access[ "Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access" ][ { "values": [ "6.8" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-03" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" } ][ "Cloud Service Discovery" ]OpenHigh7470534481874705344818User assigned to a default admin role74701857498Never use default administrative roles unless you have no other option. Make sure users with administrative roles have separate accounts for daily work. Make sure MFA is enabled for this account.New default administrator role assignedfalsehttps://msftriskyuser.authomize.com/incidents/def97cb4841dcfd9008a23e66fc3165e4564e746Authomize_v2_CL
255368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.224 AM7d7ca277b09a49538b46c2ae8216dba2d81e2a221/25/2023, 10:00:03.274 PM5/2/2023, 12:34:15.007 AM[ { "id": "a536f7ea69a417200e5722a2373e6ffe8d3d147f", "name": "Steven Riley", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Persistence", "Credential Access" ][ { "values": [ "IAM-02" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.3", "A.9.1.1", "A.7.2.2" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "IAM-02", "GRM-06" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Account Manipulation" ]OpenHigh7470534532374705345323Admin password wasn't updated during the last 30 days74701857772Ensure that the password for this account is changed as soon as possible Consider suspending this account until the password is changed Enforce strong password policies within your organizationAdmin User Steven Riley hasn't changed their password for Microsoft in 31 days. Our security policy requires users to switch passwords every 30 days.falsehttps://msftriskyuser.authomize.com/incidents/7d7ca277b09a49538b46c2ae8216dba2d81e2a22Authomize_v2_CL
256368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.224 AMa283d40c2fad4489bafb497bbf988f663b4786d61/25/2023, 9:59:58.826 PM5/2/2023, 12:33:29.706 AM[ { "id": "7c8d752e5c52030a944df0df48ba7f094e4a13ea", "name": "Lynne Robbins", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Lynne Robbins enables MFA.ActiveDirectory user Lynne Robbins has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/a283d40c2fad4489bafb497bbf988f663b4786d6Authomize_v2_CL
257368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.224 AMbd9d2b55727089e9052f600e1c8c0910e550601e1/25/2023, 9:59:58.826 PM5/2/2023, 12:33:29.706 AM[ { "id": "acbd18c67a6f20b899b841c6dab221a6de46e8d4", "name": "Megan Bowen", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Megan Bowen enables MFA.ActiveDirectory user Megan Bowen has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/bd9d2b55727089e9052f600e1c8c0910e550601eAuthomize_v2_CL
258368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.224 AMc16dd125bf3ce6880c187660ccb7eb88ae7add3f1/25/2023, 9:59:58.826 PM5/2/2023, 12:33:29.706 AM[ { "id": "bdf9f09ae1a208bfbffcea454d32ad881a3cd43e", "name": "Diego Siciliani", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Diego Siciliani enables MFA.ActiveDirectory user Diego Siciliani has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/c16dd125bf3ce6880c187660ccb7eb88ae7add3fAuthomize_v2_CL
259368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.224 AMe0d6de2de03a2be14b3d38d5adb60561c85ec8831/25/2023, 9:59:58.826 PM5/2/2023, 12:33:29.706 AM[ { "id": "a23936673c0d36558ce94dff5ddabd34ef59b152", "name": "Patti Fernandez", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Patti Fernandez enables MFA.ActiveDirectory user Patti Fernandez has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/e0d6de2de03a2be14b3d38d5adb60561c85ec883Authomize_v2_CL
260368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.224 AMea2f842f45228af455568e9446c6ae1c37a3e28c1/25/2023, 9:59:58.826 PM5/2/2023, 12:33:29.706 AM[ { "id": "9e35b3ab6003b6ac5c4c82e5cfe849a313cab903", "name": "Miriam Graham", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Miriam Graham enables MFA.ActiveDirectory user Miriam Graham has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/ea2f842f45228af455568e9446c6ae1c37a3e28cAuthomize_v2_CL
261368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.224 AM001736552de678d924874ac865da73aafc9d5d691/25/2023, 9:59:58.825 PM5/2/2023, 12:33:29.706 AM[ { "id": "8789cf5311bad67ea167df127e204ae2971c2c80", "name": "Isaiah Langer", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Isaiah Langer enables MFA.ActiveDirectory user Isaiah Langer has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/001736552de678d924874ac865da73aafc9d5d69Authomize_v2_CL
262368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.979 AM17c9523e33590f36546b3175fe4be725415f29251/25/2023, 9:59:58.825 PM5/2/2023, 12:33:29.707 AM[ { "id": "5eaf5a4260b54dcfbd22def9e70ab1ad263cccb2", "name": "Adele Vance", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Adele Vance enables MFA.ActiveDirectory user Adele Vance has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/17c9523e33590f36546b3175fe4be725415f2925Authomize_v2_CL
263368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.979 AM1edba095152ca93979b0293b47d8e01fc125a8d11/25/2023, 9:59:58.825 PM5/2/2023, 12:33:29.705 AM[ { "id": "1c8446770bbe4e3df4f98407dbf5c252d289039e", "name": "Pradeep Gupta", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Pradeep Gupta enables MFA.ActiveDirectory user Pradeep Gupta has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/1edba095152ca93979b0293b47d8e01fc125a8d1Authomize_v2_CL
264368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.979 AM2098609eac99b2d74f34d273f383e29c65087f701/25/2023, 9:59:58.825 PM5/2/2023, 12:33:29.705 AM[ { "id": "51c4d0dd2a5c22a8d5f4bd9370a2b79fa13bef15", "name": "Alex Wilber", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Alex Wilber enables MFA.ActiveDirectory user Alex Wilber has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/2098609eac99b2d74f34d273f383e29c65087f70Authomize_v2_CL
265368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.979 AM26814b852913c416607fd3f323d48dc80dd1f7901/25/2023, 9:59:58.825 PM5/2/2023, 12:33:29.706 AM[ { "id": "f8675b4257c1c9dce9001ebd2a0825fb167c5c04", "name": "Johanna Lorenz", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Johanna Lorenz enables MFA.ActiveDirectory user Johanna Lorenz has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/26814b852913c416607fd3f323d48dc80dd1f790Authomize_v2_CL
266368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.979 AM88629e8ba4f1b0cf0b73ffcbd683ff26f47274851/25/2023, 9:59:58.825 PM5/2/2023, 12:33:29.706 AM[ { "id": "8a056177e503b0ede592115fccc136ceae683c7b", "name": "Grady Archie", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Grady Archie enables MFA.ActiveDirectory user Grady Archie has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/88629e8ba4f1b0cf0b73ffcbd683ff26f4727485Authomize_v2_CL
267368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.979 AMf06936273878410c3066c30f7f428ec590fa223d1/25/2023, 9:59:58.825 PM5/2/2023, 12:33:29.706 AM[ { "id": "a43f28ae7266ddbe95a3dedacebc1d75d7ed0521", "name": "Lidia Holloway", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Lidia Holloway enables MFA.ActiveDirectory user Lidia Holloway has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/f06936273878410c3066c30f7f428ec590fa223dAuthomize_v2_CL
268368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.979 AM0c9da8f1e9cde31d4f64b4e83c397334a61720ca1/25/2023, 9:59:58.825 PM5/2/2023, 12:33:29.707 AM[ { "id": "2f4dc86237b061798aac6ad2aa28a2172235f57d", "name": "Lee Gu", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Lee Gu enables MFA.ActiveDirectory user Lee Gu has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/0c9da8f1e9cde31d4f64b4e83c397334a61720caAuthomize_v2_CL
269368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.979 AM3eccb23151bbc83e7d6cf869e8d249350320adef1/25/2023, 9:59:58.825 PM5/2/2023, 12:33:29.707 AM[ { "id": "b7fa3acc7b77a24339605577446a5cf103fb2c00", "name": "Henrietta Mueller", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Henrietta Mueller enables MFA.ActiveDirectory user Henrietta Mueller has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/3eccb23151bbc83e7d6cf869e8d249350320adefAuthomize_v2_CL
270368f4943-db69-4ede-8c31-1788dc4e2dc3RestAPI5/2/2023, 2:16:48.979 AM99ef59e4aa23e9aa3fe17a5bc2cafaf28191b3f41/25/2023, 9:59:58.825 PM5/2/2023, 12:33:29.707 AM[ { "id": "2f4dc86237b061798aac6ad2aa28a2172235f57d", "name": "Lee Gu", "object": "identity", "email": null } ][ { "id": "f0c8aa9c67004699b20c284c3cfa89f0de3078c7", "name": "Microsoft Active Directory - MSFT" } ]Misconfiguration[ "Credential Access", "Initial Access", "Privilege Escalation" ][ { "values": [ "12.7", "6.5" ], "id": "cisv8", "name": "CIS v.8" }, { "values": [ "IAM-01", "IAM-14", "DSP-07", "IAM-16" ], "id": "ccm402", "name": "CSA STAR (CCM 4.0.2)" }, { "values": [ "A.9.4.2", "A.9.1.2", "A.9.2.2", "A.9.2.3" ], "id": "isoIec27001", "name": "ISO/IEC 27001" }, { "values": [ "CC6.2" ], "id": "aicpaTsc2017", "name": "SOC 2 (TSC 2017)" }, { "values": [ "IAM-01", "IAM-02", "IAM-05" ], "id": "ccm301", "name": "CSA STAR (CCM 3.0.1)" } ][ "Valid Accounts", "Account Manipulation" ]OpenHigh7470534736474705347364User without MFA74701857084Ensure that Joni Sherman enables MFA.ActiveDirectory user Joni Sherman has no multi factor authentication (MFA) set up.falsehttps://msftriskyuser.authomize.com/incidents/99ef59e4aa23e9aa3fe17a5bc2cafaf28191b3f4Authomize_v2_CL