[Enhancement] Create rule for Access Analyzer

Open 0xdabbad00 opened this issue 5 years ago • 0 comments

Background

AWS has a service called Access Analyzer to identify when resources are made public. https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-eventbridge.html

Alerts from this go to EventBridge. A new rule should be made much like the existing GuardDuty rule (https://github.com/airbnb/streamalert/blob/master/rules/community/guardduty/guard_duty_all.py) to detect these. Identifying these resources being made public has overlap with some of the detections in the existing rule cloudtrail_public_resources (https://github.com/airbnb/streamalert/blob/master/rules/community/cloudtrail/cloudtrail_public_resources.py)

0xdabbad00, Dec 30 '19 16:12
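One way the requested rule could look, as an added example that is not part of the issue or of the StreamAlert repository. The `rule` import path, the `cloudwatch:events` log type and the rule name `access_analyzer_public` are assumptions modelled on the GuardDuty rule; the event fields follow the Access Analyzer EventBridge format linked above, and the sample events are constructed.

```python
"""Alert on active, public IAM Access Analyzer findings (added example)."""
try:
    # Assumed import path, modelled on StreamAlert's community rules.
    from streamalert.shared.rule import rule
except ImportError:
    def rule(**_kwargs):
        """Pass-through decorator so the predicate runs without StreamAlert."""
        return lambda func: func

def _is_true(value):
    """Accept a JSON boolean or its string form after log normalisation."""
    return str(value).lower() == 'true'

@rule(logs=['cloudwatch:events'])  # assumed log type, as for GuardDuty events
def access_analyzer_public(rec):
    """
    description:  Access Analyzer reports a resource as publicly accessible
    """
    if (rec.get('source') != 'aws.access-analyzer'
            or rec.get('detail-type') != 'Access Analyzer Finding'):
        return False
    detail = rec.get('detail') or {}
    # Archived or resolved findings, and findings for deleted resources, are noise.
    if detail.get('status') != 'ACTIVE' or _is_true(detail.get('isDeleted')):
        return False
    return _is_true(detail.get('isPublic'))

def _event(finding_id, **detail):
    """Build a constructed EventBridge event; keyword args override detail fields."""
    base = {'id': finding_id, 'status': 'ACTIVE', 'isPublic': True, 'isDeleted': False,
            'resourceType': 'AWS::S3::Bucket', 'resource': 'arn:aws:s3:::example-bucket'}
    base.update(detail)
    return {'source': 'aws.access-analyzer', 'detail-type': 'Access Analyzer Finding',
            'detail': base}

# Constructed sample events, not real findings.
SAMPLES = [
    _event('public-active'),
    _event('cross-account', isPublic=False),
    _event('public-archived', status='ARCHIVED'),
    _event('public-deleted', isDeleted=True),
    {'source': 'aws.guardduty', 'detail-type': 'GuardDuty Finding', 'detail': {}},
]

def matching_ids(events):
    """Return the finding ids the rule would alert on."""
    return [e['detail']['id'] for e in events if access_analyzer_public(e)]
```

Restricting the rule to `isPublic` findings keeps it aligned with the overlap the issue notes with `cloudtrail_public_resources`; dropping that check would also alert on cross-account sharing.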