Cloud Storage Metadata

Cloud Storage Metadata provides contextual information about cloud storage infrastructure and its associated activity. This data may include attributes such as storage name, size, owner, permissions, creation date, region, and activity metadata. It is essential for monitoring, auditing, and identifying anomalies in cloud storage environments. Examples:

AWS S3 Bucket Metadata: Metadata about an S3 bucket includes the bucket name, region, creation date, owner, storage class, and permissions.
Azure Blob Storage Metadata: Metadata for an Azure Blob container includes container name, access level (e.g., private or public), size, and tags.
Google Cloud Storage Metadata: Metadata includes bucket name, storage class, location, labels, lifecycle policies, and versioning status.
OpenStack Swift Metadata: Metadata for a Swift container includes name, access level, quota, and custom attributes.

ID: DC0027

Domains: Enterprise

Version: 2.0

Created: 20 October 2021

Last Modified: 12 November 2025

Log Sources

Name	Channel
AWS:CloudTrail	Post-authentication metadata enumeration from GUI session
m365:unified	AnonymousLinkCreated
saas:box	collaboration.invite
saas:dropbox	Shared link created to external account

Detection Strategy

ID	Name	Technique Detected
DET0573	Cross-Platform Detection of Data Transfer to Cloud Account	T1537
DET0291	Detection of Cloud Service Dashboard Usage via GUI-Based Cloud Access	T1538