Watch Now

Who Should Attend: Splunk Administrators, Security Analysts, SOC Manager

Every organization that uses AWS has a set of user accounts that grant access to resources and data. The Identity and Access Management (IAM) service is the part of AWS that keeps track of all the users, groups, roles and policies that provide that access. Because it controls permissions for all other services, IAM is probably the single most important service in AWS to focus on from a security perspective. Over time, there are often personnel changes within the organization as users change roles or leave the company. These user accounts may not get updated with the correct permissions or get deleted from IAM if the user is no longer an employee. Unused accounts that are not properly managed can end up being an entry point for malicious actors to gain access.

Our solution involves two Splunk Phantom playbooks: one to find user accounts with passwords that have not been used in a long time, and another to disable those accounts. The combination of these two playbooks will provide a semi-automated process that is repeatable and extensible.

Tune in to this webinar to learn about:

  • The importance of regularly checking inactive user accounts within your organization
  • How to automate the process of checking for these users
  • How these Splunk Phantom playbooks work together to protect your AWS environment


Philip Royer

Research Engineer, Splunk

Olivia Courtney

Product Marketing Specialist, Splunk

Tracking Fields


Event Fields

I agree to the Splunk Websites Terms and Conditions of Use.*
I agree to receive marketing communications by email, including educational materials, product and company announcements, and community event information, from Splunk Inc. and its Subsidiaries pursuant to the terms of Splunk’s Privacy Policy. I can unsubscribe at any time.