Analyzes CloudTrail Data Events, GCS audit logs, and Azure Storage Analytics to detect anomalous access in AWS S3, GCS, and Blob Storage: off-hours bulk downloads, new IPs, GetObject spikes, potential exfiltration via baselines and time series.
npx claudepluginhub killvxk/cybersecurity-skills-zh
This skill uses the workspace's default tool permissions.
1. Install dependencies: `pip install boto3 requests`
Detects abnormal access patterns in AWS S3, GCS, Azure Blob Storage by analyzing CloudTrail Data Events, GCS audit logs, Azure Storage Analytics. Identifies bulk downloads, new IPs, API spikes, exfiltration via statistical baselines and anomaly detection.
Detects anomalies in AWS S3, GCS, Azure Blob Storage access via CloudTrail, audit logs, Storage Analytics. Flags bulk downloads, new IPs, API spikes, exfiltration using stats and time-series detection.
Detects AWS S3 data exfiltration attempts by analyzing CloudTrail S3 data events, VPC Flow Logs, GuardDuty findings, Macie alerts, and access patterns for unauthorized bulk downloads and cross-account transfers.
pip install boto3 requests
python scripts/agent.py --bucket my-sensitive-data --hours-back 24 --output s3_access_report.json
{
  "eventName": "GetObject",
  "requestParameters": {"bucketName": "sensitive-data", "key": "financials/q4.xlsx"},
  "sourceIPAddress": "203.0.113.50",
  "userIdentity": {"arn": "arn:aws:iam::123456789012:user/analyst"}
}