AWS IAM Abuse for Establishing Persistence

Detects AWS IAM operations indicative of APT persistence: user creation, administrative policy attachment, access key generation, role creation, and trust policy modification. Designed for environments with Falcon Cloud Security integrated.