Scenario: ASRM to detect Predictive Attack Path to RDS via IAM User
DRAFT
Prerequisites
- AWS Cloud Account integrated with Vision One
Ensure that the Playground One Network is up and running:
Setup
The Playground One configuration for EC2 (ec2 or instances) can create an IAM User and IAM User Group with RDS Full Access and some EC2 action permissions when the creation of Potential Attack Path(s) is enabled in the config tool. The one of interest is the user dbadmin within the group dbadmins.
Verify that you have Vision One ASRM - create Potential Attack Path(s) enabled in your configuration.
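To confirm from the AWS side which users end up with the access described above, this added example (not part of Playground One or Vision One) resolves group membership in a constructed document shaped like `aws iam get-account-authorization-details` output and reports users holding RDS full access. The managed policy name AmazonRDSFullAccess and the inline EC2 actions are assumptions; the page only states "RDS Full Access and some EC2 action permissions".

```python
# Constructed sample shaped like `aws iam get-account-authorization-details`
# output; the inline EC2 actions are assumed, the page does not list them.
SAMPLE = {
    "UserDetailList": [
        {"UserName": "dbadmin", "GroupList": ["dbadmins"],
         "AttachedManagedPolicies": [], "UserPolicyList": []},
        {"UserName": "auditor", "GroupList": [], "AttachedManagedPolicies": [],
         "UserPolicyList": [{"PolicyName": "ro", "PolicyDocument": {"Statement": {
             "Effect": "Allow", "Action": "rds:Describe*", "Resource": "*"}}}]},
    ],
    "GroupDetailList": [
        {"GroupName": "dbadmins",
         "AttachedManagedPolicies": [{"PolicyName": "AmazonRDSFullAccess",
             "PolicyArn": "arn:aws:iam::aws:policy/AmazonRDSFullAccess"}],
         "GroupPolicyList": [{"PolicyName": "ec2-actions", "PolicyDocument": {
             "Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
                 "ec2:DescribeInstances", "ec2:StartInstances"]}]}}]},
    ],
}

def _allowed_actions(inline_policies):
    """Collect Action patterns from the Allow statements of inline policies."""
    actions = set()
    for pol in inline_policies:
        stmts = pol["PolicyDocument"].get("Statement", [])
        for st in [stmts] if isinstance(stmts, dict) else stmts:
            if st.get("Effect") == "Allow":
                act = st.get("Action", [])
                actions.update([act] if isinstance(act, str) else act)
    return actions

def rds_full_access_users(details):
    """Map user -> sources granting RDS full access and the EC2 actions held."""
    groups = {g["GroupName"]: g for g in details["GroupDetailList"]}
    findings = {}
    for user in details["UserDetailList"]:
        scopes = [("user", user, "UserPolicyList")] + [
            ("group:" + n, groups[n], "GroupPolicyList")
            for n in user["GroupList"] if n in groups]
        via, ec2 = [], set()
        for label, ent, key in scopes:
            acts = _allowed_actions(ent.get(key, []))
            managed = {p["PolicyName"] for p in ent.get("AttachedManagedPolicies", [])}
            # Full access: the AWS managed policy, or an inline wildcard Allow.
            if "AmazonRDSFullAccess" in managed or acts & {"*", "rds:*"}:
                via.append(label)
            ec2 |= {a for a in acts if a.lower().startswith("ec2:")}
        if via:
            findings[user["UserName"]] = {"via": via, "ec2": sorted(ec2)}
    return findings
```

The check reads only managed-policy names and inline Allow statements, so Deny statements, conditions, and permission boundaries are not evaluated.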
Vision One ASRM detects the IAM User after some time, provided your CAM stack is configured properly. The full analysis, which should lead to a potential attack path as seen in the screenshot below, can take up to 48 hours.
Below is the Asset Graph of the high-risk instance:
🎉 Success 🎉
Tear Down
At minimum, disable Vision One ASRM - create Potential Attack Path(s) in your configuration.