Quick Start Security for Amazon S3 Server Access
Coralogix Extension For Amazon S3 Server Access Includes:
Alerts - 2
Stay on top of Amazon S3 Server Access key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Excessive HTTP Error Codes Generated
This alert triggers when a specific source makes multiple requests that result in an excessive number of HTTP error codes. The requests could be anything: uploading objects to the S3 bucket, downloading objects from the bucket, deleting objects from the bucket, scanning activity if the bucket is open to the public, and so on. Server access logging provides detailed records for the requests that are made to an Amazon S3 bucket. See the following link for more details on Amazon S3 server access logging: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html

Impact
A threat actor who does not have adequate privileges and makes multiple requests to an S3 bucket for different operations may generate multiple 'AccessDenied' error codes within a short interval of time.

Mitigation
Check whether the user is aware of the activity. If not, investigate further for any suspicious activity in the network. If the error code persists, administrators should make sure that the user making the requests has adequate privileges to carry out the operations. Additionally, if the remote IP is scanning the bucket, investigate the IPs and the activity, and block the IPs if necessary. Check the value of the 'error_code' field in the logs for more insight.

MITRE Tactic: TA0006
MITRE Technique: T1110
Request required an ACL for authorization
This alert triggers whenever a request requires an access control list (ACL) for authorization. If the request required an ACL for authorization, the logged value is 'Yes'; if no ACL was required, it is '-'.

Impact
When ACLs are enabled, control of an object's ownership rests with the object owner, who can transfer that ownership to a malicious actor, giving them permission to upload, delete, and modify objects in your bucket.

Mitigation
AWS recommends disabling ACLs, except in unusual circumstances where you must control access for each object individually. To disable ACLs and take ownership of every object in your bucket, apply the bucket owner enforced setting for S3 Object Ownership. See the following for more details:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html

MITRE Tactic: TA0005
MITRE Technique: T1562
MITRE Sub-Technique: 010
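As an added example (not Coralogix's alert definitions), the following Python parses Amazon S3 server access log lines in the documented 26-field order and applies both checks above: error codes per remote IP inside a sliding time window, and requests whose ACL Required field is 'Yes'. The log lines, the thresholds, and all ids (OWNERID, REQUESTERID, HOSTID, EXAMPLE-BUCKET) are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

TOKEN_RE = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')  # bracketed time and quoted strings contain spaces
FIELDS = ("bucket_owner bucket time remote_ip requester request_id operation key request_uri "
          "http_status error_code bytes_sent object_size total_time turn_around_time referer "
          "user_agent version_id host_id signature_version cipher_suite authentication_type "
          "host_header tls_version access_point_arn acl_required").split()

def parse_line(line):
    """Map one log line to the 26 named fields; return None if the line is malformed."""
    tokens = [t.strip('[]"') for t in TOKEN_RE.findall(line)]
    if len(tokens) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, tokens))
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def excessive_errors(records, threshold=5, window_s=60):
    """Alert 1: remote IPs with >= threshold error codes inside any window_s-second span."""
    by_ip = defaultdict(list)
    for r in records:
        if r["error_code"] != "-":  # '-' means no error code was returned
            by_ip[r["remote_ip"]].append(r["time"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged

def acl_required(records):
    """Alert 2: requests whose last field is 'Yes', i.e. an ACL was needed to authorize them."""
    return [r for r in records if r["acl_required"] == "Yes"]

# Constructed sample lines with placeholder owner/requester/request/host ids.
def _line(ts, ip, status, err, acl):
    return (f'OWNERID EXAMPLE-BUCKET [{ts}] {ip} REQUESTERID REQID REST.GET.OBJECT secret.txt '
            f'"GET /EXAMPLE-BUCKET/secret.txt HTTP/1.1" {status} {err} - 512 7 - "-" "aws-cli/2.0" '
            f'- HOSTID SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader EXAMPLE-BUCKET.s3.us-east-1.amazonaws.com TLSV1.2 - {acl}')
SAMPLE_LOG = [_line(f"06/Feb/2019:00:00:{s:02d} +0000", "203.0.113.5", 403, "AccessDenied", "-")
              for s in (1, 9, 17, 25, 33)]  # five AccessDenied hits from one source within 32 s
SAMPLE_LOG.append(_line("06/Feb/2019:00:05:00 +0000", "198.51.100.7", 200, "-", "Yes"))

def run_checks(lines=SAMPLE_LOG):
    records = [r for r in map(parse_line, lines) if r]
    return excessive_errors(records), [r["remote_ip"] for r in acl_required(records)]
```

On the constructed sample, `run_checks()` flags 203.0.113.5 with five error codes and lists 198.51.100.7 as the source of the ACL-authorized request; tune `threshold` and `window_s` to the bucket's normal traffic before alerting on it.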
Integration
Learn more about Coralogix's out-of-the-box integration with Amazon S3 Server Access in our documentation.