AWS FSx Excessive File Denied

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Goal

Detect and identify users accessing files they do not have permission to access.

Strategy

Monitor AWS FSx logs and detect more than 10 occurrences where @evt.id is equal to 4656 and @Event.System.Keywords is equal to 0x8010000000000000.

Triage & Response

  1. Inspect the log and determine if the user should be accessing the file: {{@ObjectName}}.
  2. If access is not legitimate, investigate user ({{@usr.id}}) activity.