ActionTrail store logs to publicly accessible bucket

Logging and monitoring

ActionTrail store logs to publicly accessible bucket

Platform(s)

Compliance Frameworks

AliCloud CIS
Brazilian General Data Protection (LGPD)
CCPA
cis_8
CPRA
Data Security Posture Management (DSPM) Best Practices
essential_8_au
essential_8_au_level_2
hdh
ISO 27701
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

ActionTrail is a web service that monitors and records actions performed on your cloud through cloud console, API calls, and SDK operations. The recorded events are stored at the configured Log Service Logstores and Object Storage Service buckets (if configured). It was detected that the ActionTrail {AliCloudActionTrail} store the logs to the bucket {AliCloudActionTrail.OssBucket} which is publicly accessible.

ActionTrail store logs to publicly accessible bucket

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS