Skip to main content

Security Content Release Notes

January 2025

Additions to "MITRE ATT&CK: AWS Privilege Escalation" rule pack

  • integration-question-aws-search-for-secrets-in-lambda-functions

Additions to 'JupiterOne Questions'. This question will allow an AWS user to search for keywords to ensure that there are no AWS exposed secrets in lambda function metadata. This will also enable a user to turn the question into an alert. https://ask.us.jupiterone.io/question/a4db06a7ae955bc6c22896c651bd5cb7f0cc32e8?search=lambda&tagFilter=all

  • privileges-unused-for-90-days

Addition to existing 'AWS Config' rule pack. Checks for aws role privileges that have been unused for 90 days or greater. It is recommended to review results returned and remove unused privileges.

  • aws-public-facing-resources-list

Addition to existing 'AWS Threat' rule pack. This alert returns all AWS resources that are public facing. Useful for delta detection and trending over time.

  • aws-high-privilege-lambda-function-wildcard
  • aws-high-privilege-lambda-function-lambda:*
  • aws-high-privilege-lambda-function-get-policy
  • aws-high-privilege-lambda-function-get-function
  • aws-high-privilege-lambda-function-get-function-configuration
  • aws-high-privilege-lambda-function-list-functions

Contents