aws_s3_bucket_details.json
{
"creation_date": "2018-06-26",
"data_metadata": {
"data_source": [
"AWS Configuration Logs"
],
"data_sourcetypes": [
"aws:config"
],
"providing_technologies": [
"AWS"
]
},
"description": "This search queries AWS configuration logs and returns the information about a specific S3 bucket. The information returned includes the time the S3 bucket was created, the resource ID, the region it belongs to, the value of action performed, AWS account ID, and configuration values of the access-control lists associated with the bucket.",
"entities": [
"bucketName"
],
"how_to_implement": "To implement this search, you must install the AWS App for Splunk (version 5.1.0 or later) and Splunk Add-on for AWS (version 4.4.0 or later) and configure your AWS inputs.",
"id": "f3fb2q1c-5f33-4b01-b541-c2ah9534c242",
"investigate": {
"splunk": {
"fields_required": [
"bucketName"
],
"schedule": {
"cron_schedule": "",
"earliest_time": "86400",
"latest_time": "0"
},
"search": "| search sourcetype=aws:config resourceId={bucketName} | table resourceCreationTime resourceId awsRegion action aws_account_id supplementaryConfiguration.AccessControlList"
}
},
"maintainers": [
{
"company": "Splunk",
"email": "bpatel@splunk.com",
"name": "Bhavin Patel"
}
],
"modification_date": "2018-06-26",
"name": "AWS S3 Bucket details via bucketName",
"original_authors": [
{
"company": "Splunk",
"email": "bpatel@splunk.com",
"name": "Bhavin Patel"
}
],
"spec_version": 2,
"type": "splunk",
"version": "1.0"
}