A S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public".
The policy definition follows:
config where cloud type = ‘aws’ AND api name=’aws-s3api-get-bucket-acr AND json.rule="((((acl grants{?(@ grantee=’AllUsers’)] size > 0) or policyStatusisPubiic is true) and publicAccessBlockConfiguration does not exist) or ((ad.grantsp(@ grantee==’AII Users’)] size > 0) and publicAccessBlockConfiguration ignorePubhcAds is false) or (policyStatus isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"
Why did this alert get generated?
A . anomalous behaviors
B . network traffic to the S3 bucket
C . configuration of the S3 bucket
D . an event within the cloud account
Answer: A
Leave a Reply