Skip to main content
All CollectionsTemplatesIntermediate
Enable AWS S3 Bucket Encryption on Alert (PrismaCloud) - Workflow Template
Enable AWS S3 Bucket Encryption on Alert (PrismaCloud) - Workflow Template

Receive PrismaCloud alert on an AWS S3 bucket with encryption disabled, lookup owner tag, ask owner or channel to enable AES256 encryption.

Updated over a week ago

This article discusses the workflow to handle an alert from PrismaCloud regarding an AWS S3 bucket lacking encryption. The workflow includes identifying the bucket owner through tags, prompting them via Slack to enable AES256 encryption, and, upon approval, applying the changes. If the request is denied or there's no response, the workflow guides on creating a Jira ticket to follow up on the issue, ensuring compliance with security standards and organizational policies.

Take Me to the Template

Trigger

Prisma Cloud Platform

Use Cases

CSPM

Workflow Breakdown

  1. Pull the tags that are attached to the bucket

  2. Reach out to the bucket owner or Slack channel, notify them about the issue

  3. Suggest to remediate by enabling default AES256 encryption on the bucket

  4. Apply changes if the user/channel gives approval

  5. If user or channel rejects, collect a reason and open a follow-up Jira ticket

Vendors

AWS, Slack, Utils, Jira Cloud

Workflow Output

Success/Failure - Jira Ticket and Slack Message

Tips

Setup integration names and Jira information in the first variables step","Setup trigger event to match the policyName - \"AWS S3 buckets do not have server side encryption\" and reason - \"NEW_ALERT\

Related Articles
Enable AWS S3 Bucket Versioning on Orca Alert - Workflow Template
Enable AWS S3 Bucket Encryption on Alert from Wiz - Workflow Template
Enable AWS S3 Bucket Versioning on Alert from Wiz - Workflow Template
Enable Encryption on AWS S3 Bucket on Alert from Orca - Workflow Template
Enable AWS S3 Bucket Versioning on Lacework Alert - Workflow Template
Did this answer your question?