You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Rules: First Seen AWS SSM RunShellScript SendCommand From User
Description
AWS SSM (Simple Systems Manager) can be used to manage systems and configurations, however, it can also be abused by threat actors to run various shell scripts on EC2 instances.
Additional Details
Detail
Value
Type
First Seen
Category
Execution
Apply Risk to Entities
user_username
Signal Name
First Seen AWS SSM RunShellScript SendCommand From User
Summary Expression
The user {{user_username}} has issued a RunShellScript command to an EC2 instance for the first time since the baseline period.