AWS GuardDuty detects API calls against public S3 Bucket with PII from suspicious source

Suspicious activity

AWS GuardDuty detects API calls against public S3 Bucket with PII from suspicious source

Risk Level

Imminent Compromised (2)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
CPRA
ISO/IEC 27001
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

S3 API calls from suspicious source address were detected by AWS GuardDuty service on the public S3 Bucket {AwsS3Bucket}. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity. The service detects one of the following types of S3 discovery findings (Discovery:S3/MaliciousIPCaller, Recon:EC2/PortProbeUnprotectedPort, Discovery:S3/MaliciousIPCaller.Custom, Discovery:S3/TorIPCaller) on a public S3 Bucket that Orca has identified with Potentially Personal Identifying Information.

AWS GuardDuty detects API calls against public S3 Bucket with PII from suspicious source

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS