After identifying a potentially compromised IAM user, you can revoke the user's access permission to the associated AWS cloud account.

This task is supported by the following services:
  • AWS
This feature is only available for customers that have updated to the Foundation Services release.


  1. After identifying the potentially compromised cloud user account, access the context or response menu and click Revoke Access Permission.
    The Revoke Access Permission Task screen appears.
  2. You can specify a description for the task to display in the Response Management app.
  3. Click Create.
  4. Monitor the task status.
    1. Open Response Management.
    2. Locate the task by selecting Revoke Access Permission from the Action drop-down list.
    3. View the task status.
      • In progress: Trend Vision One sent the command and is waiting for a response.
      • Successful: The command was successfully executed.
      • Partially successful: The task was unsuccessful on one or more IAM services.
      • Unsuccessful: The task was unsuccessful on all connected IAM services.