← Back to Explore
T1069.003
Cloud Groups
Adversaries may attempt to find cloud groups and permission settings. The knowledge of cloud permission groups can help adversaries determine the particular roles of users and groups within an environment, as well as which users are associated with a particular group. With authenticated access there are several tools that can be used to find permissions groups. The <code>Get-MsolRole</code> PowerShell cmdlet can be used to obtain roles and permissions groups for Exchange and Office 365 accounts...
SaaSIaaSOffice SuiteIdentity Provider
7
Detections
3
Sources
0
Threat Actors
BY SOURCE
4elastic2splunk_escu1sigma
PROCEDURES (6)
Privilege2 detections
Auto-extracted: 2 detections for privilege
Credential1 detections
Auto-extracted: 1 detections for credential
Service1 detections
Auto-extracted: 1 detections for service
Azure1 detections
Auto-extracted: 1 detections for azure
Credential1 detections
Auto-extracted: 1 detections for credential
Api1 detections
Auto-extracted: 1 detections for api
DETECTIONS (7)
ASL AWS IAM Successful Group Deletion
splunk_escu
AWS IAM Principal Enumeration via UpdateAssumeRolePolicy
elasticmedium
AWS IAM Successful Group Deletion
splunk_escu
Entra ID Sign-in BloodHound Suite User-Agent Detected
elasticmedium
Entra ID Sign-in TeamFiltration User-Agent Detected
elasticmedium
Kubernetes Suspicious Self-Subject Review via Unusual User Agent
elasticlow
RBAC Permission Enumeration Attempt
sigmalow