Navigation :

AWS Detect Users With Kms Keys Performing Encryption S3

Description

This search provides detection of users with KMS keys performing encryption specifically against S3 buckets.

Help
AWS Detect Users With Kms Keys Performing Encryption S3 Help You must install splunk AWS add on and Splunk App for AWS. This search works with cloudtrail logs

Help

AWS Detect Users With Kms Keys Performing Encryption S3 Help

You must install splunk AWS add on and Splunk App for AWS. This search works with cloudtrail logs

Search
`cloudtrail` eventName=CopyObject requestParameters.x-amz-server-side-encryption="aws:kms" \| rename requestParameters.bucketName AS bucket_name, requestParameters.x-amz-copy-source AS src_file, requestParameters.key AS dest_file \| stats count min(_time) as firstTime max(_time) as lastTime values(src_file) AS src_file values(dest_file) AS dest_file values(userAgent) AS userAgent values(region) AS region values(src) AS src by user \| `security_content_ctime(firstTime)`\| `security_content_ctime(lastTime)` \|`aws_detect_users_with_kms_keys_performing_encryption_s3_filter` Open in Search

Search

`cloudtrail` eventName=CopyObject requestParameters.x-amz-server-side-encryption="aws:kms" | rename requestParameters.bucketName AS bucket_name, requestParameters.x-amz-copy-source AS src_file, requestParameters.key AS dest_file | stats count min(_time) as firstTime max(_time) as lastTime values(src_file) AS src_file values(dest_file) AS dest_file values(userAgent) AS userAgent values(region) AS region values(src) AS src by user | `security_content_ctime(firstTime)`| `security_content_ctime(lastTime)` |`aws_detect_users_with_kms_keys_performing_encryption_s3_filter`

Open in Search