PutBucketReplication
Event
Enables replication for an S3 bucket, automatically copying objects to a destination bucket in the same or another region.
Security Context
- Transferring data to external cloud accounts or regions can bypass network-based data loss prevention controls and exfiltrate large volumes of data.
Log Source
CloudTrail
Sample Event
MITRE ATT&CK Mapping
Tactics: Exfiltration
Techniques:
- T1537 — Transfer Data to Cloud Account — Adversaries may exfiltrate data by transferring the data, including through sharing/syncing and creating backups of cloud environments, to another cloud account they control on the same service. A defender who is monitoring for large transfers to outside the cloud environment through normal file ...