云存储访问分析

v20260317

analyzing-cloud-storage-access-patterns

通过分析 CloudTrail、GCS 审计日志和 Azure 存储分析，识别云存储的异常访问：非工作时间批量下载、新 IP、列举突增等风险并生成优先级报告。

云安全异常检测 AWS S3 GCS Azure Blob 访问监控

获取技能

86 次下载

概览

Instructions

Install dependencies: pip install boto3 requests
Query CloudTrail for S3 Data Events using AWS CLI or boto3.
Build access baselines: hourly request volume, per-user object counts, source IP history.
Detect anomalies:
- After-hours access (outside 8am-6pm local time)
- Bulk downloads: >100 GetObject calls from single principal in 1 hour
- New source IPs not seen in the prior 30 days
- ListBucket enumeration spikes (reconnaissance indicator)
Generate prioritized findings report.

python scripts/agent.py --bucket my-sensitive-data --hours-back 24 --output s3_access_report.json

Examples

CloudTrail S3 Data Event

{"eventName": "GetObject", "requestParameters": {"bucketName": "sensitive-data", "key": "financials/q4.xlsx"},
 "sourceIPAddress": "203.0.113.50", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/analyst"}}

信息

Category 未分类

Name analyzing-cloud-storage-access-patterns

版本 v20260317

大小 8.63KB

Source mukul975/Anthropic-Cybersecurity-Skills

更新时间 2026-03-18