When alerted by Wiz about a publicly exposed AWS S3 bucket containing sensitive data, this workflow assesses the risk by collecting details and enforces remediation processes. It requests approval via Slack to restrict public access. If consent is given, it adjusts the S3 bucket's public access settings. Otherwise, it escalates the issue by creating a Jira ticket, ensuring a consistent and transparent approach to managing potential data exposures.
Trigger
Wiz
Use Cases
CSPM
Workflow Breakdown
Receive an alert from Wiz on a publicly exposed S3 bucket with sensitive information
Gather details on the bucket including tags and the current bucket policy
Ask the Slack channel for approval to limit the public access on the bucket
If approved, set all public access settings to true on the bucket and update the comments and status on the Wiz alert
If not approved, open an issue in Jira and note the response and add the Jira issue key to the Wiz alert
Vendors
AWS, Slack, Utils, Wiz, Jira Cloud
Workflow Output
Ask a question via Slack to limit the buckets public access.
Tips
Note: Limiting access to the bucket will set all 4 public access settings to true to limit access to the bucket