Delete login profile for existing user¶
|user||str||IAM user to delete the login profile for||root|
aws iam delete-login-profile -user-name user
When logs are ingested into ELK, the following Lucene query can be used to identify relevant events.
eventName:DeleteLoginProfile AND eventSource:iam.amazonaws.com
--- title: Delete login profile for existing user id: 7c3333ce-9d4b-4704-8311-a4b68fe0f5f9 status: experimental author: Nick Jones date: 2023-07-01 description: None logsource: service: cloudtrail detection: selection_source: - eventSource: "iam.amazonaws.com" events: - eventName: "DeleteLoginProfile" condition: selection_source AND events level: low tags: - attack.T1531