AWS S3 Bucket Policy Modified
Rapport de recherche Datadog : Bilan sur l'adoption de l'informatique sans serveur Rapport : Bilan sur l'adoption de l'informatique sans serveur
<  Back to rules search

AWS S3 Bucket Policy Modified

cloudtrail

Classification:

compliance

Framework:

cis-aws

Control:

cis-3.8

Set up the cloudtrail integration.

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Overview

Goal

Detect when a S3 Bucket policy is modified.

Strategy

Monitor CloudTrail and detect when S3 policies are being modified via one of the following API calls: * PutBucketAcl * PutBucketPolicy * PutBucketCors * PutBucketLifecycle * PutBucketReplication * DeleteBucketPolicy * DeleteBucketCors * DeleteBucketLifecycle * DeleteBucketReplication

Triage & Response

  1. Determine who the user was who made this API call.
  2. Contact the user and see if this was an API call which was made by the user.
  3. If the API call was not made by the user:
    • Rotate the user credentials and investigate what other API calls.
    • Determine what other API calls the user made which were not made by the user.