AWS Successful Console Login Without MFA (77caf516-34e5-4df9-b4db-20744fea0a60)

Detects successful AWS console logins that were performed without Multi-Factor Authentication (MFA). This alert can be used to identify potential unauthorized access attempts, as logging in without MFA can indicate compromised credentials or misconfigured security settings.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) | Attack Pattern | AWS Successful Console Login Without MFA (77caf516-34e5-4df9-b4db-20744fea0a60) | Sigma-Rules | 1 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) | Attack Pattern | 2 |