Amazon Simple Storage Service

Version: AWS and NetsurionAWSIntegrator v2.0.2 and above.

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers scalability, data availability, security, and performance. It provides management features to optimize, organize, and configure access to data and meet specific business, organizational, and compliance requirements.

Netsurion Open XDR manages logs retrieved from Amazon S3. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in Amazon S3.

The following are the key assets available in this Data Source Integration.

Alerts

| Type | Name | Description |
| --- | --- | --- |
| Security | Amazon S3 – Bucket encryption disabled | Generated when an attempt is made to disable the server-side encryption on the S3 bucket. |
| Security | Amazon S3 – Inventory configuration changes detected | Generated when an attempt is made to edit or delete the S3 inventory configuration. |
| Security | Amazon S3 – Bucket ownership settings changed | Generated when an attempt is made to edit or delete the S3 bucket ownership settings. |
| Security | Amazon S3 – Public access block settings changed | Generated when an attempt is made to edit or delete the S3 bucket public access settings. |
| Security | Amazon S3 – Bucket replication changes detected | Generated when an attempt is made to change the bucket replication settings for S3. |
| Security | Amazon S3 – Access points modified | Generated when an attempt is made to modify the access point settings for the S3 bucket. |
| Security | Amazon S3 – New lifecycle policy added | Generated when a new lifecycle policy is added for the S3 bucket that has a limited object expiration period and may supersede existing policies. |
| Security | Amazon S3 – Bucket policy changed | Generated when activities related to modifications in the S3 bucket policy, requested by a privileged user, are detected. |

Reports

| Type | Name | Description |
| --- | --- | --- |
| Security | Amazon S3 – Unauthorized user activities | Provides details of the specific actions carried out related to the S3 service, which failed due to one or more errors related to access management or data misconfiguration. |
| Security | Amazon S3 – Activity overview | Provides details of all the actions carried out related to the S3 service. It includes details such as the action name, the time the activity was initiated, the individual who performed it, and other information related to the application and the user. |
| Security | Amazon S3 – Bucket level activity | Provides the details of all the actions carried out in the S3 service. It includes details such as the action name, the time it was initiated, the individual who performed it, and other details related to the application and the user. |

Dashboards

| Type | Name | Description |
| --- | --- | --- |
| Security | Amazon S3 – Critical activities | Displays all the details of any critical or sensitive actions carried out related to the S3 service. |
| Security | Amazon S3 – Configuration changes by IP | Displays all the details of the WRITE actions related to S3 bucket configuration mapped to the IP addresses of the users. |
| Security | Amazon S3 – Failed API calls | Displays the details of any failed API calls mapped to the user’s ARN that occurred due to insufficient or unauthorised access. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Amazon S3.

Download the Integration Guide for configuration instructions and more information.