Skip to main content
Panther Knowledge Base

Why does Panther display the CloudTrail username as "HIDDEN_DUE_TO_SECURITY_REASONS"?

  1. Last updated
  2. Save as PDF

QUESTION

I received an alert, or queried some logs, where the username is displayed as "HIDDEN_DUE_TO_SECURITY_REASONS". Why is that?

ANSWER

This username masking is actually performed by CloudTrail, not Panther. AWS provides the following explanation:

The userName field contains the string HIDDEN_DUE_TO_SECURITY_REASONS when the recorded event is a console sign-in failure caused by incorrect user name input. CloudTrail does not record the contents in this case because the text could contain sensitive information, as in the following examples:

  • A user accidentally types a password in the user name field.

  • A user clicks the link for one AWS account's sign-in page, but then types the account number for a different one.

  • A user accidentally types the account name of a personal email account, a bank sign-in identifier, or some other private ID.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.