The_remote_host_is_an_AWS_EC2_instance_for_which_metadata_could_be_retrieved._Tenable.io_General

Alert

The remote host is an AWS EC2 instance for which metadata could be retrieved. (The remote host is an AWS EC2 instance for which metadata could be\nretrieved.)

SK4 unified event:
Connector/Service

Tenable.io/General

SK4 Version:

2.4

Created Date:

Tue Jun 04 2019 09:43:39 GMT+0000 (Coordinated Universal Time)

Last Update:

Tue Jun 18 2019 11:10:28 GMT+0000 (Coordinated Universal Time)

Category

Security Alert

Description

The remote host appears to be an Amazon Machine Image. Nessus was able to use the metadata API to collect information about the system.

Search query

cef_vendor="skyformation" cef_name="security-threat-detected" destinationServiceName="Tenable.io" dpriv="VULNERABILITY" proto="Amazon Web Services EC2 Instance Metadata Enumeration (Unix)" act="detect"

Parsed CEF
Unparsed raw data

Expand to see an example...

Audit sources