LoFP
/
s3 bucket
Title
Tags
based on the values of`datapointthreshold` and `deviationthreshold`, the false positive rate may vary. please modify this according the your environment.
t1078.004
T1530
aws instance
s3 bucket
splunk
s3 buckets can be accessed from any ip, as long as it can make a successful connection. this will be a false postive, since the search is looking for a new ip within the past hour
T1530
s3 bucket
splunk
some applications or web pages may continue to reference old s3 bucket urls after they have been decommissioned. these should be investigated and updated to prevent potential security risks.
t1485
s3 bucket
splunk
there maybe buckets provisioned with s3 encryption
t1486
s3 bucket
splunk
LoFP
/
s3 bucket