Skip to main content
Room Banner
Back to all walkthroughs
Room Icon

The Blind Bucket

Max room.

You have locked the bucket and encrypted the data, but there is a missing ingredient.

medium

45 min

0

User profile photo.
User profile photo.

To access material, start machines and answer questions login.

access logging is one of the most frequently missed security controls in deployments. It is not enabled by default on new buckets, and does not log data events by default.

This leaves a blind spot for any activity, but by the end of this room, you will be able to shed some light on it.

Learning Objectives

  • Explain the difference between server access logs and data events
  • Identify buckets with no access logging configured
  • Enable data events for specific buckets
  • Enable server access logging as a complementary record
  • Query logs through Logs Insights to identify suspicious data access patterns

Prerequisites

Answer the questions below

I am blind, not deaf.