AWS User Login Profile Was Modified (055fb148-60f8-462d-ad16-26926ce050f1)
An attacker with the iam:UpdateLoginProfile permission on other users can change the password used to login to the AWS console on any user that already has a login profile setup. With this alert, it is used to detect anyone is changing password on behalf of other users.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | AWS User Login Profile Was Modified (055fb148-60f8-462d-ad16-26926ce050f1) | Sigma-Rules | 1 |