AWS STS GetSessionToken Misuse (b45ab1d2-712f-4f01-a751-df3826969807)

Identifies the suspicious use of GetSessionToken. Tokens could be created and used by attackers to move laterally and escalate privileges.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	AWS STS GetSessionToken Misuse (b45ab1d2-712f-4f01-a751-df3826969807)	Sigma-Rules	1
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	AWS STS GetSessionToken Misuse (b45ab1d2-712f-4f01-a751-df3826969807)	Sigma-Rules	1
AWS STS GetSessionToken Misuse (b45ab1d2-712f-4f01-a751-df3826969807)	Sigma-Rules	Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51)	Attack Pattern	1
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51)	Attack Pattern	2