Features
Integrations
Dashboards
Log Management
APM
Security Monitoring
Network Monitoring
Synthetic Monitoring
Real User Monitoring
Serverless
Alerts
API
< Back to rules search
AWS S3 Public Access Block Removed
Classification:
compliance
Set up the cloudtrail integration.
Overview
Goal
Detect when the S3 Public Access Block configuration has been removed
Strategy
This rule lets you monitor this CloudTrail API call to detect if an attacker is deleting the S3 Public Access Block configuration:
Triage & Response
- Determine who the user was who made this API call.
- Contact the user and inform them of best practices of enabling Public Access Block on S3 buckets.
- Re-enable Public Access Block on the S3 bucket.
More details on S3 Public Block Public Access can be found here.
On this Page