AWS S3 Bucket Publicly Accessible - Remediate and Notify

This playbook is part of the Cloud Security Posture Management Playbooks Pack.

Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.

This playbook helps you fix cloud security misconfigurations related to your AWS S3 bucket. It also makes it easy to involve your team by creating tickets and sending notifications through your chosen services. You have the flexibility to fully automate the fix or include an analyst review and approval step before any changes are made. Ticketing and notifications are handled by a sub-playbook, which you need to set up with your preferred integrations. You can choose to only create or update a ticket and skip the notification, skip creating or updating a ticket and send only a notification, or both create or update a ticket and notify relevant parties. If you want an analyst to approve the fix, you need to provide their email address. The playbook will send them the issue details and wait for their decision before applying any changes.

This playbook can fix the following misconfigurations.

  • AWS S3 bucket publicly readable
  • AWS S3 bucket publicly writable
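
What "publicly readable" and "publicly writable" mean at the ACL level, and which public access block settings a fix would switch on, shown as an added example that is not the playbook's own code. It covers ACL grants only (bucket policies are not evaluated); the dict shapes follow the S3 GetBucketAcl and GetPublicAccessBlock responses, the sample data is constructed, and the function names and the choice to enable all four settings are assumptions.

```python
# Added example, not the playbook's code. ACL grants only; bucket policies are not evaluated.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMS = {"READ", "FULL_CONTROL"}
WRITE_PERMS = {"WRITE", "FULL_CONTROL"}  # READ_ACP / WRITE_ACP are not classified here
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed sample data: an owner grant plus a READ grant to everyone.
SAMPLE_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}


def acl_exposure(grants):
    """Return {'readable', 'writable'} members granted to the public groups by ACL."""
    exposure = set()
    for grant in grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group" or grantee.get("URI") not in PUBLIC_GROUPS:
            continue  # grants to specific accounts are not public
        if grant.get("Permission") in READ_PERMS:
            exposure.add("readable")
        if grant.get("Permission") in WRITE_PERMS:
            exposure.add("writable")
    return exposure


def effective_exposure(grants, pab):
    """ACL exposure still in effect given the public access block (None if unset)."""
    if pab and pab.get("IgnorePublicAcls"):
        return set()  # S3 ignores public ACLs when this setting is on
    return acl_exposure(grants)


def remediation_plan(grants, pab):
    """Settings to switch on (assumption: enable all four), or {} if not exposed."""
    pab = pab or {}
    if not effective_exposure(grants, pab):
        return {}
    return {key: True for key in PAB_KEYS if not pab.get(key)}
```

In the sample, `BlockPublicAcls` alone does not help: it only rejects new public ACLs, so the existing READ grant stays effective until `IgnorePublicAcls` is enabled.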

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Create Ticket and/or Notify
  • Update Ticket and/or Notify

Integrations

  • AWS
  • Cortex Core - Platform

Scripts

  • IsIntegrationAvailable
  • Print

Commands

  • aws-s3-public-access-block-update
  • core-get-asset-details
  • setIssueStatus

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Do you want to auto-remediate? | Possible values: Yes, No. Note: If set to 'No', the Reviewer Email Address input is required. | No | Required |
| Do you want to create a ticket? | Possible values: Yes, No. Note: If set to 'Yes', a configured ServiceNow and/or Jira integration is required. If using Jira, the Jira Project Key input must also be provided. | No | Required |
| Do you want to send a message notification? | Possible values: Yes, No. Note: If set to 'Yes', Microsoft Teams and/or Slack integration must be configured. If using Slack, the Slack Channel Name input must also be provided. | No | Required |
| Do you want to send an email notification? | Possible values: Yes, No. Note: To send email notifications, specify the Notification Email Recipients input. | No | Optional |
| Reviewer Email Address | Provide the designated reviewer's email address to request approval for executing the remediation command. | | Optional |
| Jira Project Key | Provide Jira project key where the issue will be created. | | Optional |
| Slack Channel Name | Provide Slack channel name to which to send messages. | | Optional |
| Notification Email Recipients | Provide the email address to send email notifications. Note: If you leave this blank, no email notification will be sent and the playbook will skip this step. | | Optional |

Playbook Outputs


There are no outputs for this playbook.

Playbook Image

[Image: AWS S3 Bucket Publicly Accessible - Remediate and Notify]