Skip to main content
All CollectionsTemplatesIntermediate
Handle Wiz Alert for Public AWS S3 Bucket with Sensitive Data - Workflow Template
Handle Wiz Alert for Public AWS S3 Bucket with Sensitive Data - Workflow Template

On trigger from Wiz finding for a AWS S3 bucket containing sensitive data, ask a Slack channel or bucket owner to limit public access.

Updated over 7 months ago

When alerted by Wiz about a publicly exposed AWS S3 bucket containing sensitive data, this workflow assesses the risk by collecting details and enforces remediation processes. It requests approval via Slack to restrict public access. If consent is given, it adjusts the S3 bucket's public access settings. Otherwise, it escalates the issue by creating a Jira ticket, ensuring a consistent and transparent approach to managing potential data exposures.

Trigger

Wiz

Use Cases

CSPM

Workflow Breakdown

  1. Receive an alert from Wiz on a publicly exposed S3 bucket with sensitive information

  2. Gather details on the bucket including tags and the current bucket policy

  3. Ask the Slack channel for approval to limit the public access on the bucket

  4. If approved, set all public access settings to true on the bucket and update the comments and status on the Wiz alert

  5. If not approved, open an issue in Jira and note the response and add the Jira issue key to the Wiz alert

Vendors

AWS, Slack, Utils, Wiz, Jira Cloud

Workflow Output

Ask a question via Slack to limit the buckets public access.

Tips

Note: Limiting access to the bucket will set all 4 public access settings to true to limit access to the bucket

Did this answer your question?