AWS Security Hub - Detect SQS Queue policy allowing public access

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query detects Amazon SQS queues with access policies that allow public (unauthenticated or cross-account unrestricted) access, using AWS Security Hub control SQS.3 findings. Publicly accessible queues can enable data exfiltration, unauthorized message injection, or disruption of workflows.

Attribute	Value
Type	Analytic Rule
Solution	AWS Security Hub
ID	4f0f3c2a-8d44-43f8-9d9a-5b1e0d5f2c11
Severity	High
Status	Available
Kind	Scheduled
Tactics	Exfiltration, Collection
Techniques	T1567, T1530
Required Connectors	AWSSecurityHub
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
AWSSecurityHubFindings	✓	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to AWS Security Hub