GuardDuty provides findings related to unauthorized access and console logins. The "UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B" finding specifically indicates successful console logins from new or unusual locations.
By configuring GuardDuty, you can receive alerts and notifications for such findings, allowing you to investigate and take appropriate action.
Options A, B, and C are not directly designed for monitoring unauthorized console logins from multiple geographic locations:
A. Amazon Cognito is an identity management service but is not specifically designed for monitoring AWS Management Console logins.
B. Amazon Inspector is a security assessment service that identifies security vulnerabilities in your EC2 instances. While it can help with overall security posture, it is not focused on monitoring console logins.
C. AWS Config can provide information about configuration changes, but the "iam-policy-blacklisted-check" managed rule is related to IAM policies and is not specifically designed for monitoring console logins from multiple locations.
Default severity: Medium
Data source: CloudTrail management events
This finding informs you that multiple successful console logins for the same IAM user were observed around the same time in various geographical locations. Such anomalous and risky access location patterns indicate potential unauthorized access to your AWS resources.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Christina666
Highly Voted 1 year, 3 months agor2c3po
Most Recent 10 months agoalexiscloud
12 months agoChristina666
1 year, 3 months agotts1234
1 year, 10 months agomichaldavid
1 year, 10 months agoLiongeek
1 year, 11 months ago