LoFP
/
s3 bucket
Title
Tags
based on the values of`datapointthreshold` and `deviationthreshold`, the false positive rate may vary. please modify this according the your environment.
t1078.004
T1530
s3 bucket
aws instance
splunk
s3 buckets can be accessed from any ip, as long as it can make a successful connection. this will be a false postive, since the search is looking for a new ip within the past hour
T1530
s3 bucket
splunk
there maybe buckets provisioned with s3 encryption
t1486
s3 bucket
splunk
LoFP
/
s3 bucket