detecting-s3-data-exfiltration-attempts

Official

Automate detection of data exfiltration attempts from AWS S3 buckets.

Authorbalsm-health
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Detects unauthorized bulk downloads and cross-account data transfers from AWS S3 buckets.

Core Features & Use Cases

  • CloudTrail Event Analysis: Inspects S3 data events to identify bulk download patterns.
  • GuardDuty and Macie Integration: Correlates GuardDuty findings and Macie alerts for sensitive data access.
  • VPC Endpoint Policy and Bucket Policy Configuration: Recommends VPC endpoint and bucket policies to limit data movement paths.

Quick Start

Analyze the CloudTrail and GuardDuty logs using this skill to identify S3 data exfiltration attempts.

Dependency Matrix

Required Modules

boto3botocorepandasnumpy

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: detecting-s3-data-exfiltration-attempts
Download link: https://github.com/balsm-health/Balsm-AI/archive/main.zip#detecting-s3-data-exfiltration-attempts

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.