Rules Contributing to Suspicious AWS Bucket Enumeration Alert
The following rules are used to identify suspicious activity related to AWS Bucket Enumeration. Any one or more of these will trigger AWS Bucket Enumeration Alert. Details for each rule can be viewed by clicking the More Details link in the description.
Title |
Description |
||||||||
---|---|---|---|---|---|---|---|---|---|
Potential Bucket Enumeration on AWS |
Looks for potential enumeration of AWS buckets via ListBuckets. More details
Rule IDQuery{'selection': {'eventSource': 'ec2.amazonaws.com', 'eventName': 'ListBuckets'}, 'filter': {'type': 'AssumedRole'}, 'condition': 'selection and not filter'} Log SourceStellar Cyber AWS Cloudtrail configured. Rule SourceSigmaHQ,f305fd62-beca-47da-ad95-7690a0620084 Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io Tactics, Techniques, and ProceduresReferences
N/A
Additional Information
|