Identity Threat Detection and Response with Context-Aware Access overview
Identity Threat Detection and Response (ITDR) with Context-Aware Access
provides a dynamic layer of security that continuously assesses the
user-activity-based risk associated with an identity's access attempt, using signals from
Security Command Center Event Threat Detection,
such as Excessive Permission Denied Actions
and Access from Anonymizing Proxy.
Those signals are categorized into five user activity risk types that
you can configure in the Console and APIs Access Policy.
User Activity risk types
The following are the user activity risk types that you can add to your
access policy:
Suspicious actions: Potentially malicious actions, such as removing or reducing security restrictions.
Identity reputation: Changes to account settings or state, such as changing group memberships or becoming active (non-dormant).
Malicious source: Activity from a suspicious source, such as an IP address associated with bad actors.
Repeat actions: Excessive failed access attempts, such as Identity and Access Management (IAM) denials.
Atypical location: Access from unusual locations, such as from a new geographic area.
Last updated 2026-05-20 UTC.