Skip to main content

Scheduled Service Change: Security Events to be Captured in Cornell AWS Accounts

Event:
2020-12-02 06:00:00
Expected Duration:
2020-12-02 23:00:00
Status:
Closed
Brief Description:
The CIT Cloud Team will deploy a set of EventBridge Event Rules to all Cornell AWS accounts to capture activity in AWS that is or could be an indicator of an account breach or malicious activity.
User Impact:
None.
Services Affected:
Cloudification
Subsites Affected:
Cloudification
Full Description:
The CIT Cloud Team will deploy a set of EventBridge Event Rules to all Cornell AWS accounts to capture activity in AWS that is or could be an indicator of an account breach or malicious activity. These Rules will filter AWS account activity for specific security-related events and pass those events to a central Cornell AWS account. In that central account, those events will trigger notifications for Cloud Team review. In one case, where the event is a Trusted Advisor notice of a publicly exposed IAM access key, the event will trigger automatic deletion of the exposed access key in order to prevent malicious use of the key.

There will be no outages of any AWS services during this update. Customers do not need to take any action.

Details at https://confluence.cornell.edu/x/gD0kFw
CIT TDX ID:
190313



Timeline of Changes

Description Current Status Date Time
The CIT Cloud Team will deploy a set of EventBridge Event Rules to all Cornell AWS accounts to capture activity in AWS that is or could be an indicator of an account breach or malicious activity. These Rules will filter AWS account activity for specific security-related events and pass those events to a central Cornell AWS account. In that central account, those events will trigger notifications for Cloud Team review. In one case, where the event is a Trusted Advisor notice of a publicly exposed IAM access key, the event will trigger automatic deletion of the exposed access key in order to prevent malicious use of the key. There will be no outages of any AWS services during this update. Customers do not need to take any action. Details at https://confluence.cornell.edu/x/gD0kFw 2020-11-25 08:49:25