This rule uses an hourly baseline to detect an outlier in the number of denied PutObject access events to an S3 bucket. AWS data events are required for this signal to function. Denied PutObject access events can stem from IAM policies or bucket policies. Review the user, role, and IP address in the events to determine whether this activity is expected. In certain cases, access-denied events to S3 can also result in unexpected AWS charges.
Additional Details

| Detail | Value |
| --- | --- |
| Type | Outlier |
| Category | Exfiltration |
| Apply Risk to Entities | user_username |
| Signal Name | Spike in AWS S3 PutObject Denied Events |
| Summary Expression | An outlier in AWS S3 PutObject Denied Events was detected for: {{user_username}} |
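
The hourly-baseline logic described above, sketched as an added example that is not this rule's own code. It assumes CloudTrail-style records, keys the entity on `userIdentity.arn`, and uses a mean plus three standard deviations threshold with a minimum floor; the rule's actual outlier model is not given on this page, and all sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

def hourly_denied_puts(events):
    """Bucket denied S3 PutObject events per user and hour; keep source IPs for triage."""
    counts, ips = defaultdict(Counter), defaultdict(set)
    for e in events:
        if (e.get("eventSource"), e.get("eventName"), e.get("errorCode")) != (
                "s3.amazonaws.com", "PutObject", "AccessDenied"):
            continue  # allowed writes and other API calls are not part of the signal
        hour = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(
            minute=0, second=0, tzinfo=timezone.utc)
        user = e.get("userIdentity", {}).get("arn", "unknown")
        counts[user][hour] += 1
        ips[(user, hour)].add(e.get("sourceIPAddress", "unknown"))
    return counts, ips

def find_outliers(counts, ips, current_hour, baseline_hours=24, sigmas=3.0, floor=5):
    """Alert when the current hour exceeds mean + sigmas * stddev of the prior hours.
    The formula, window and floor are assumptions, not the rule's actual model."""
    alerts = []
    for user, per_hour in counts.items():
        history = [per_hour.get(current_hour - timedelta(hours=h), 0)
                   for h in range(1, baseline_hours + 1)]
        threshold = max(mean(history) + sigmas * pstdev(history), floor)
        observed = per_hour.get(current_hour, 0)
        if observed > threshold:
            alerts.append({"user": user, "observed": observed, "threshold": threshold,
                           "source_ips": sorted(ips[(user, current_hour)])})
    return alerts

NOW = datetime(2024, 1, 2, 12, tzinfo=timezone.utc)  # constructed "current" hour

def sample_events():
    """Constructed CloudTrail-style records (not real log data)."""
    def ev(arn, ip, hours_ago, error="AccessDenied"):
        when = (NOW - timedelta(hours=hours_ago)).strftime("%Y-%m-%dT%H:%M:%SZ")
        return {"eventSource": "s3.amazonaws.com", "eventName": "PutObject", "eventTime": when,
                "sourceIPAddress": ip, "userIdentity": {"arn": arn},
                **({"errorCode": error} if error else {})}
    alice, bob = "arn:aws:iam::111122223333:user/alice", "arn:aws:iam::111122223333:user/bob"
    events = [ev(bob, "198.51.100.7", h) for h in range(25) for _ in range(2)]  # steady noise
    events += [ev(alice, "198.51.100.8", h) for h in range(2, 25, 2)]          # sparse baseline
    events += [ev(alice, "203.0.113.50", 0) for _ in range(40)]                # spike this hour
    events += [ev(bob, "198.51.100.7", 0, error=None) for _ in range(100)]     # allowed writes
    return events

if __name__ == "__main__":
    print(find_outliers(*hourly_denied_puts(sample_events()), NOW))
```

The floor keeps a principal with an almost empty baseline from alerting on a handful of denials, and the returned `source_ips` supports the user, role, and IP review the rule description calls for.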