Tailpipe is an open-source CLI tool that allows you to collect logs and query them with SQL.
AWS provides on-demand cloud computing platforms and APIs to authenticated customers on a metered pay-as-you-go basis.
The AWS S3 Server Access Log Detections Mod contains pre-built dashboards and detections, to monitor and analyze access patterns, security risks, and data activity across your S3 buckets.
Run detection benchmarks:
View insights in dashboards:
Install Powerpipe from the downloads page:
# MacOS
brew install turbot/tap/powerpipe# Linux or Windows (WSL)
sudo /bin/sh -c "$(curl -fsSL https://powerpipe.io/install/powerpipe.sh)"This mod also requires AWS S3 server access logs to be collected using Tailpipe with the AWS plugin:
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod install github.com/turbot/tailpipe-mod-aws-s3-server-access-log-detectionsStart the dashboard server:
powerpipe serverBrowse and view your dashboards at http://localhost:9033.
Instead of running benchmarks in a dashboard, you can also run them within your
terminal with the powerpipe benchmark command:
List available benchmarks:
powerpipe benchmark listRun a benchmark:
powerpipe benchmark run aws_s3_server_access_log_detections.benchmark.mitre_attack_v161Different output formats are also available, for more information please see Output Formats.
This repository is published under the Apache 2.0 license. Please see our code of conduct. We look forward to collaborating with you!
Tailpipe and Powerpipe are products produced from this open source software, exclusively by Turbot HQ, Inc. They are distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our Open Source FAQ.
Join #tailpipe and #powerpipe on Slack →
Want to help but don't know where to start? Pick up one of the help wanted issues: