Amazon Simple Storage Service
Version: AWS and NetsurionAWSIntegrator v2.0.2 and above.
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers scalability, data availability, security, and performance. It provides management features to optimize, organize, and configure access to data and meet specific business, organizational, and compliance requirements.
Netsurion Open XDR manages logs retrieved from Amazon S3. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in Amazon S3.
The following are the key assets available in this Data Source Integration.
|Security||Amazon S3 – Bucket encryption disabled||Generated when an attempt is made to disable the server-side encryption on the S3 bucket.|
|Security||Amazon S3 – Inventory configuration changes detected||Generated when an attempt is made to edit or delete the S3 inventory configuration.|
|Security||Amazon S3 – Bucket ownership settings changed||Generated when an attempt is made to edit or delete the S3 bucket ownership settings.|
|Security||Amazon S3 – Public access block settings changed||Generated when an attempt is made to edit or delete the S3 bucket public access settings.|
|Security||Amazon S3 – Bucket replication changes detected||Generated when an attempt is made to change the bucket replication settings for S3.|
|Security||Amazon S3 – Access points modified||Generated when an attempt is made to modify the access point settings for the S3 bucket|
|Security||Amazon S3 – New lifecycle policy added||Generated when a new life cycle policy is added for the S3 bucket which has a limited object expiration period and may supersede existing policies.|
|Security||Amazon S3 – Bucket policy changed||Generated based on the request of a privileged user for the activities related to modifications in the S3 bucket policy are detected.|
|Security||Amazon S3 – Unauthorized user activities||Provides details of the specific actions carried out related to the S3 service, which failed due to one or more errors related to access management or data misconfiguration.|
|Security||Amazon S3 – Activity overview||Provides details of all the actions carried out related to S3 service. |
This alert includes details like the action name, the activity-initiated time, the individual who performed it, and other information related to the application and the user.
|Security||Amazon S3 – Bucket level activity||Provides the details of all the actions carried out in the S3 service. |
This alert includes details like the action name, the time it was initiated, the individual who performed it, including other details related to the application and the user.
|Security||Amazon S3 – Critical activities||Displays all the details of any critical or sensitive actions carried out related to the S3 service.|
|Security||Amazon S3 – Configuration changes by IP||Displays all the details of the WRITE actions related to S3 bucket configuration mapped to the IP addresses of the users.|
|Security||Amazon S3 – Failed API calls||Displays the details of any failed API calls mapped to the user’s ARN that occurred due to insufficient or unauthorised access.|
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Amazon S3.
Download the Integration Guide for configuration instructions and more information.