AWSCloudTrail - S3 bucket exposed via ACL

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

Detects S3 bucket ACL changes that grant public or broadly authenticated access. Overly permissive ACL assignments can expose bucket contents to unauthorized users.

Attribute	Value
Type	Analytic Rule
Solution	Amazon Web Services
ID	6b9b4ee6-f4c1-4b86-8c8c-beb0bb59ae44
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Exfiltration
Techniques	T1537
Required Connectors	AWS
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AWSCloudTrail	EventName == "PutBucketAcl"	✓	✓	✓

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Analytic Rules · Back to Amazon Web Services