Suspicious activity

Anomaly detection: Role increased activity in accessing public s3 bucket with PII

Platform(s)

Description

Unlike in the past, the role has an increased activity in accessing s3 bucket. Furthermore it was found that the role changed the s3 bucket's policy to public access. This is an anomaly in this role's behavior and might indicate on an exfiltration attempt. An attacker might create a public bucket to share confidential information outside the environment. The s3 bucket mentioned contains PII.