ConsoleLogin
Event
Records a sign-in attempt to the AWS Management Console, capturing success or failure status and whether MFA was used.
Security Context
- Compromised credentials or stolen tokens allow adversaries to operate as legitimate users, making detection significantly more difficult.
Log Source
CloudTrail
Sample Event
MITRE ATT&CK Mapping
Tactics: Initial Access
Techniques:
- T1078.004 — Cloud Accounts — Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Cloud accounts are those created and configured by an organization for use by users, remote support, services, or for administration of r...
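The success or failure status and MFA flag described under Event can be triaged as follows. This is an added example, not part of the original entry: the records are constructed, the finding labels, `classify`, `failures_by_source` and the threshold of 3 are hypothetical, and the field names follow the CloudTrail ConsoleLogin record layout.

```python
from collections import Counter

def _rec(utype, name, ip, outcome, mfa):
    """Build a constructed ConsoleLogin record holding only the fields used below."""
    return {"eventName": "ConsoleLogin", "sourceIPAddress": ip,
            "userIdentity": {"type": utype, "userName": name},
            "responseElements": {"ConsoleLogin": outcome},
            "additionalEventData": {"MFAUsed": mfa}}

# Constructed sample data (documentation IP ranges), not real log output.
SAMPLE_RECORDS = [
    _rec("IAMUser", "alice", "198.51.100.7", "Success", "Yes"),
    _rec("IAMUser", "bob", "198.51.100.8", "Success", "No"),
    _rec("Root", None, "198.51.100.9", "Success", "Yes"),
    _rec("IAMUser", "carol", "203.0.113.9", "Failure", "No"),
    _rec("IAMUser", "carol", "203.0.113.9", "Failure", "No"),
    _rec("IAMUser", "carol", "203.0.113.9", "Failure", "No"),
    _rec("AssumedRole", "dave", "198.51.100.10", "Success", "No"),
]

def classify(record):
    """Return the finding labels for one CloudTrail record (empty list if none)."""
    if record.get("eventName") != "ConsoleLogin":
        return []
    utype = (record.get("userIdentity") or {}).get("type")
    outcome = (record.get("responseElements") or {}).get("ConsoleLogin")
    mfa = (record.get("additionalEventData") or {}).get("MFAUsed")
    findings = []
    if outcome == "Failure":
        findings.append("failed_login")
    elif outcome == "Success":
        if utype == "Root":
            findings.append("root_login")
        # Assumption: federated (AssumedRole) sign-ins are skipped here because
        # MFA for them is enforced at the identity provider, not by AWS.
        if mfa != "Yes" and utype in ("IAMUser", "Root"):
            findings.append("success_without_mfa")
    return findings

def failures_by_source(records, threshold=3):
    """Map source IP -> failed sign-in count, for IPs at or above threshold."""
    counts = Counter(r.get("sourceIPAddress", "unknown")
                     for r in records if "failed_login" in classify(r))
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for r in SAMPLE_RECORDS:
        print(r["userIdentity"]["type"], r["sourceIPAddress"], classify(r))
    print(failures_by_source(SAMPLE_RECORDS))
```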