Skip to main content

New Service

This alert occurs when Lacework detects the enablement of a new AWS service.

Why this Alert is Important

This event is very important from a security standpoint. Unauthorized account activity, such as new services that are unexpectedly launched, can indicate that your AWS credentials are compromised.

Attackers can take advantage of new services to perform malicious actions; for example, run instances on EC2 Service, create new users on IAM Service, or create new buckets on S3 Service.

Investigation

Check the AWS Management Console for any unusual new resources, actions, or operations.

Resolution

Identify the compromised IAM user and access key. Then, disable them. Use AWS CloudTrail to search for API event history associated with the compromised IAM user.