IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Update v8.13.22 Advanced Entity Analytics »
Elastic Docs Elastic Security Solution [8.13] Detections and alerts Downloadable rule updates

Update v8.13.23

edit

Update v8.13.23

edit

This section lists all updates associated with version 8.13.23 of the Fleet integration Prebuilt Security Detection Rules.

Rule Description Status Version

AWS STS AssumeRoot by Rare User and Member Account

Identifies when the STS AssumeRoot action is performed by a rare user in AWS. The AssumeRoot action allows users to assume the root member account role, granting elevated but specific permissions based on the task policy specified. Adversaries whom may have compromised user credentials, such as access and secret keys, can use this technique to escalate privileges and gain unauthorized access to AWS resources. This is a [New Terms](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-new-terms-rule) rule that identifies when the STS AssumeRoot action is performed by a user that rarely assumes this role and specific member account.

new

1
« Update v8.13.22 Advanced Entity Analytics »