PasswordRecoveryRequested
Event
Records a request to recover or reset the AWS account root user password via the password reset process.
Security Context
- Accessing credential stores is a high-priority adversary objective that can unlock access to additional services, accounts, and environments.
Log Source
CloudTrail
Sample Event
MITRE ATT&CK Mapping
Tactics: Initial Access Credential Access
Techniques:
- T1078.004 — Cloud Accounts — Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Cloud accounts are those created and configured by an organization for use by users, remote support, services, or for administration of r...