Prisma Cloud Remediation - AWS Inactive Users For More Than 30 Days
To increase the security of your AWS account, it is recommended to find and remove IAM user credentials (passwords, access keys) that have not been used within a specified period of time. To remediate Prisma Cloud Alert Inactive users for more than 30 days, this playbook deactivates the user by disabling the access keys (marking them as inactive) as well as resetting the user console password.
Prisma Cloud by Palo Alto Networks · 12 tasks · 1 input · 0 outputs
Inputs
AutoQuarantine— if set to: - yes: access keys will be disabled and password reset - no: an analyst will be prompted for action
Commands used
aws-iam-list-access-keys-for-user
aws-iam-update-access-key
aws-iam-update-login-profile
closeInvestigation