AWS

Download 368
Last updated Apr 30, 2025

Rules

Detect when a user stops an AWS Configuration Recorder

User logs in to the AWS console from an external location.

Detects when a user creates a new AWS IAM account.

Detects when a user adds an ingress rule to an AWS security group that allows inbound access from a Class B or larger IP range (/16 or less).

Detects when a user adds an ingress rule to an AWS security group that allows internet inbound access.