generated from ministryofjustice/template-repository
-
Notifications
You must be signed in to change notification settings - Fork 293
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
High Severity Issue in AWS Security Hub #6671
Labels
Comments
Sukesh to talk to App team - and suggest it is monitored |
Discussed this with the user. If they encounter something like this in the future, I asked them to inform us or raise the issue in the ask channel. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
The expected behavior would be for IAM entities to interact with S3 using standard, approved methods without triggering any unusual behavior alerts in AWS Security Hub or GuardDuty.
Actual Behavior
IAM entities are invoking S3 API calls in an unusual manner, triggering alerts related to Exfiltration:S3/AnomalousBehavior in AWS Security Hub. This behavior is specifically related to the
bastion module
interaction with S3 in thepra-register-production
environment.https://mojdt.slack.com/archives/C01A7QK5VM1/p1711550490256409
Steps to Reproduce the Problem
No response
Version
No response
Modules
Bastion Module
Account
pra-register-production
The text was updated successfully, but these errors were encountered: