[New Rule] AWS - possible compromised access keys  [ML]

## Description

AWS IAM users can generate access key credentials to be used in CLI or other API applications, in case of access key+secret leakage it might be difficult to detect the malicious activity, it is possible based on AWS Cloudtrail log and a and machine learning job to detect a possible compromised access keys. 


## Required Info

### Target indexes

logs-aws*

### Additional requirements

Machine Learning 

### Platforms

AWS Cloudtrail

### Tested ECS Version
1.6.0


## Optional Info
https://www.linkedin.com/pulse/detecting-compromised-access-key-aws-guy-dahan

### Query
based on ML job, score threshold 50

### New fields required in ECS/data sources for this rule?
user_identity.accessKeyId



## Example Data

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[New Rule] AWS - possible compromised access keys [ML] #1919

Description

Required Info

Target indexes

Additional requirements

Platforms

Tested ECS Version

Optional Info

Query

New fields required in ECS/data sources for this rule?

Example Data

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[New Rule] AWS - possible compromised access keys [ML] #1919

Description

Description

Required Info

Target indexes

Additional requirements

Platforms

Tested ECS Version

Optional Info

Query

New fields required in ECS/data sources for this rule?

Example Data

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions