Scheduled Service Change: Security Events to be Captured in Cornell AWS Accounts
Event:
2020-12-02 11:00:00
Expected Duration:
2020-12-03 04:00:00
Status:
Closed
Brief Description:
The CIT Cloud Team will deploy a set of EventBridge Event Rules to all Cornell AWS accounts to capture activity in AWS that is or could be an indicator of an account breach or malicious activity.
User Impact:
None.
Services Affected:
Cloudification
Subsites Affected:
Collaboration Tools
Full Description:
The CIT Cloud Team will deploy a set of EventBridge Event Rules to all Cornell AWS accounts to capture activity in AWS that is or could be an indicator of an account breach or malicious activity. These Rules will filter AWS account activity for specific security-related events and pass those events to a central Cornell AWS account. In that central account, those events will trigger notifications for Cloud Team review. In one case, where the event is a Trusted Advisor notice of a publicly exposed IAM access key, the event will trigger automatic deletion of the exposed access key in order to prevent malicious use of the key.
There will be no outages of any AWS services during this update. Customers do not need to take any action.
Details at https://confluence.cornell.edu/x/gD0kFw
There will be no outages of any AWS services during this update. Customers do not need to take any action.
Details at https://confluence.cornell.edu/x/gD0kFw
CIT TDX ID:
190313
Timeline of Changes
Description | Current Status | Date | Time |
---|---|---|---|
The CIT Cloud Team will deploy a set of EventBridge Event Rules to all Cornell AWS accounts to capture activity in AWS that is or could be an indicator of an account breach or malicious activity. These Rules will filter AWS account activity for specific security-related events and pass those events to a central Cornell AWS account. In that central account, those events will trigger notifications for Cloud Team review. In one case, where the event is a Trusted Advisor notice of a publicly exposed IAM access key, the event will trigger automatic deletion of the exposed access key in order to prevent malicious use of the key. There will be no outages of any AWS services during this update. Customers do not need to take any action. Details at https://confluence.cornell.edu/x/gD0kFw | 2020-11-25 | 13:49:25 |