Cloud Storage Modification

Cloud Storage Modification involves tracking changes made to cloud storage infrastructure, including updates to settings, permissions, or stored data. Examples include modifying object access control lists (ACLs), uploading new objects, or updating bucket policies. Examples:

AWS S3: An object is uploaded or its ACL is modified.
- Azure Blob Storage: A blob's metadata or permissions are updated.
- Google Cloud Storage: An object's lifecycle policy is updated, or a bucket policy is changed.
- OpenStack Swift: Modifications to container settings or uploading of new objects.

This data component can be collected through the following measures:

Enable Logging

• AWS S3: Enable AWS CloudTrail to log API events like PutObject, PutObjectAcl, and PutBucketPolicy.
• Azure Blob Storage: Use Azure Monitor to log write and update operations.
• Google Cloud Storage: Enable Google Cloud Audit Logs to track storage.objects.update and storage.buckets.update.
• OpenStack Swift: Enable logging for PUT and POST requests to track object uploads and container metadata updates.

Use Cloud Monitoring Tools

• Integrate with tools like AWS Config, Azure Security Center, or Google Cloud Monitoring to detect configuration drift or unauthorized changes.

Centralized Log Aggregation

• Use a SIEM (e.g., Splunk) to aggregate logs across multiple cloud providers for unified monitoring and analysis.

Periodic API Queries

• AWS CLI Example: Query recent modifications to bucket policies: aws s3api get-bucket-policy --bucket sensitive-data
• Azure CLI Example: List changes to a blob container: az storage blob show --container-name private-docs
• Google Cloud CLI Example: Check metadata updates: gcloud storage objects describe gs://user-uploads/document.txt