High_risk_document_has_S3_Object_ACL_that_enables_global_access_AWS_Macie

Alert

High risk document has S3 Object ACL that enables global access (ALERT_CREATED)

SK4 unified event:
Connector/Service

AWS/Macie

SK4 Version:

2.3.105

Created Date:

Sun Feb 17 2019 12:13:46 GMT+0000 (Coordinated Universal Time)

Last Update:

Tue Jun 18 2019 11:11:52 GMT+0000 (Coordinated Universal Time)

Category

Security Alert

Description

A high risk document has an S3 Object ACL that enables global access via a link. Since this alert is related to a high DLP value object, we recommend asking the object’s owner to confirm that this ACL, which makes the object accessible to the public Internet is intentional. If not, investigate any historical access to this object via Macie's research page to understand exposure, and revoke this object policy to limit potential exposure of information. This data is subject to Amazon S3 Block Public Access settings.

Search query

cef_vendor="skyformation" cef_name="security-alert-detection" destinationServiceName="AWS" sourceServiceName="aws.macie" proto="High risk document has S3 Object ACL that enables global access"

Parsed CEF
Unparsed raw data

Expand to see an example...

Audit sources