Infocyte HUNT's Cloud Workload Security module can be extended to collect and inspect AWS IAM Identities. This functionality is in addition to the existing AWS CloudTrail Events collection and builds on the Infocyte HUNT Cloud module's support for inspecting AWS EC2 instances in a security workload.
With this capability, Infocyte enumerates all AWS IAM Identities and stores each one as an Identity object under the Cloud section of the Analyze page. Infocyte then enriches each Identity object with the relevant AWS Event information. This enrichment lists the events that the IAM Identity initiated, including the Type, Action, Event ID, Event Time and the full audit log record as a JSON metadata structure.
- A User must have created and aligned AWS Credentials as described in the AWS - Inspecting AWS EC2 Instances documentation.
- A User must ensure that the AWS Credential being used has an IAM Policy attached that allows the AWS Actions LookupEvents and DescribeTrails (see example below).
- The User must then create an Integration with AWS using Infocyte's Integration capability, specifying the AWS Region and the AWS Credential to be used.
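The following is an added illustration of the enrichment step described above and is not Infocyte's code: it takes CloudTrail LookupEvents records (constructed here in the shape the API returns, with the raw audit record as a JSON string) and aligns each event to the IAM identity that initiated it, attributing assumed-role sessions to the issuing role. The identity ARNs, event IDs and timestamps are constructed sample values; events whose initiator is not in the enumerated identity list are kept under a separate key so a reviewer can examine them rather than lose them.

```python
import json
from collections import defaultdict

# Constructed identity ARNs standing in for the enumerated IAM inventory.
IDENTITIES = [
    "arn:aws:iam::123456789012:user/alice",
    "arn:aws:iam::123456789012:role/DeployRole",
]

def _audit(user_type, arn, **extra):
    """Build a constructed CloudTrail audit record as the JSON string LookupEvents returns."""
    return json.dumps({"eventVersion": "1.08",
                       "userIdentity": {"type": user_type, "arn": arn, **extra}})

# Constructed records in the shape of CloudTrail LookupEvents output (sample data only).
SAMPLE_EVENTS = [
    {"EventId": "11111111-aaaa", "EventName": "ListBuckets", "EventTime": "2021-03-01T10:00:00Z",
     "CloudTrailEvent": _audit("IAMUser", IDENTITIES[0], userName="alice")},
    {"EventId": "22222222-bbbb", "EventName": "RunInstances", "EventTime": "2021-03-01T10:05:00Z",
     "CloudTrailEvent": _audit("AssumedRole", "arn:aws:sts::123456789012:assumed-role/DeployRole/ci",
                               sessionContext={"sessionIssuer": {"arn": IDENTITIES[1]}})},
    {"EventId": "33333333-cccc", "EventName": "DeleteTrail", "EventTime": "2021-03-01T10:09:00Z",
     "CloudTrailEvent": _audit("Root", "arn:aws:iam::123456789012:root")},
]

def initiator_arn(audit):
    """Resolve the identity that initiated an event: assumed-role sessions are attributed
    to the role that issued the session, anything else to the caller's own ARN."""
    ident = audit.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn")

def align_events(identities, events):
    """Group LookupEvents records under the enumerated identity that initiated them.
    Returns {arn: [summary, ...]} with Type, Action, Event ID, Event Time and the full
    audit record; initiators outside the inventory are collected under 'unattributed'."""
    grouped, known = defaultdict(list), set(identities)
    for ev in events:
        audit = json.loads(ev["CloudTrailEvent"])
        arn = initiator_arn(audit)
        grouped[arn if arn in known else "unattributed"].append({
            "type": audit["userIdentity"].get("type"),
            "action": ev["EventName"],
            "event_id": ev["EventId"],
            "event_time": ev["EventTime"],
            "metadata": audit,
        })
    return dict(grouped)

if __name__ == "__main__":
    for arn, evs in align_events(IDENTITIES, SAMPLE_EVENTS).items():
        print(arn, [e["action"] for e in evs])
```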