After identifying a potentially compromised IAM user, you can revoke the user's access permission to the associated AWS cloud account.
This task is supported by the following services:
-
AWS
![]() |
ImportantThis feature is only available for customers that have updated to the Foundation Services release.
|
Procedure
- After identifying the potentially compromised cloud user account, access the
context or response menu and click Revoke Access
Permission.The Revoke Access Permission Task screen appears.
- You can specify a description for the task to display in the Response Management app.
- Click Create.
- Monitor the task status.
- Open Response Management.
- Locate the task by selecting Revoke Access Permission from the Action drop-down list.
- View the task status.
-
In progress (
): Trend Vision One sent the command and is waiting for a response.
-
Successful (
): The command was successfully executed.
-
Partially successful (
): The task was unsuccessful on one or more IAM service
-
Unsuccessful (
): The task was unsuccessful on all connected IAM services
-