High risk document has S3 Object ACL that enables global access (ALERT_CREATED)

SK4 unified event:


SK4 Version:


Created Date:

Sun Feb 17 2019 12:13:46 GMT+0000 (Coordinated Universal Time)

Last Update:

Tue Jun 18 2019 11:11:52 GMT+0000 (Coordinated Universal Time)


Security Alert


A high risk document has an S3 Object ACL that enables global access via a link. Since this alert is related to a high DLP value object, we recommend asking the object’s owner to confirm that this ACL, which makes the object accessible to the public Internet is intentional. If not, investigate any historical access to this object via Macie's research page to understand exposure, and revoke this object policy to limit potential exposure of information. This data is subject to Amazon S3 Block Public Access settings.

Search query

cef_vendor="skyformation" cef_name="security-alert-detection" destinationServiceName="AWS" sourceServiceName="aws.macie" proto="High risk document has S3 Object ACL that enables global access"

Parsed CEF
Unparsed raw data

Expand to see an example...

Audit sources