AWS FSx Excessive File Denied

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detect and identify users accessing files they do not have permission to access.

Strategy

Monitor AWS FSx logs and detect more than 10 occurrences where @evt.id is equal to 4656 and @Event.System.Keywords is equal to 0x8010000000000000.

Triage & Response

  1. Inspect the log and determine if the user should be accessing the file: {{@ObjectName}}.
  2. If access is not legitimate, investigate user ({{@usr.id}}) activity.
PREVIEWING: rtrieu/product-analytics-ui-changes