Detections
Analytics
Cloud Instance Metadata API
Description
Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | EC2 | Authenticated Scan | API | Metadata info | Plugin ID: 90427 |
References
Amazon Web Services EC2 Instance Metadata Enumeration (Windows)
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Credential Access
Technique: Unsecured Credentials
Sub-Technique: Cloud Instance Metadata API
Platform: AWS
Products Required: Tenable Vulnerability Management
Tenable Release Date: 2023 Q3