<  Back to rules search

GCP Bucket Contents Downloaded Without Authentication

gcp

Classification:

attack

Tactic:

Technique:

Goal

Detect unauthenticated access to an object in a GCS bucket (bucket_name).

Strategy

Monitor GCS bucket (bucket_name) for get requests(@evt.name:storage.objects.get) made by unauthenticated users (@usr.id).

Triage and response

Investigate the logs and determine whether or not the accessed bucket: {{bucket_name}} should be accessible to unauthenticated users.

Changelog

  • 27 October 2022 - updated tags.