t1619 | LoFP

t1619

Title	Tags
access level modifications may be done by a system or network administrator. verify whether the username, hostname, and/or resource name should be making changes in your environment. access level modifications from unfamiliar users or hosts should be investigated. if known behavior is causing false positives, it can be exempted from the rule.	t1222 t1537 t1619 azure elastic
administrators listing buckets, it may be necessary to filter out users who commonly conduct this activity.	t1580 t1619 aws sigma
external account ids or broken automation may trigger this rule. for accessdenied (http 403 forbidden), s3 doesn't charge the bucket owner when the request is initiated outside of the bucket owner's individual aws account or the bucket owner's aws organization.	T1530 t1619 T1657 aws elastic