From cybersec-toolkit
Detects anomalies in AWS S3, GCS, Azure Blob Storage access via CloudTrail, audit logs, Storage Analytics. Flags bulk downloads, new IPs, API spikes, exfiltration using stats and time-series detection.
Slash command
/cybersec-toolkit:analyzing-cloud-storage-access-patterns
- When investigating security incidents that require analyzing cloud storage access patterns
pip install boto3 requests
python scripts/agent.py --bucket my-sensitive-data --hours-back 24 --output s3_access_report.json
{"eventName": "GetObject", "requestParameters": {"bucketName": "sensitive-data", "key": "financials/q4.xlsx"},
"sourceIPAddress": "203.0.113.50", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/analyst"}}
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit
Detects abnormal cloud storage access patterns (AWS S3, GCS, Azure Blob) via audit logs, identifying bulk downloads, new IPs, unusual API calls, and potential data exfiltration using statistical baselines.
Detects abnormal access patterns in AWS S3, GCS, Azure Blob Storage by analyzing CloudTrail Data Events, GCS audit logs, Azure Storage Analytics. Identifies bulk downloads, new IPs, API spikes, exfiltration via statistical baselines and anomaly detection.
Analyzes CloudTrail Data Events, GCS audit logs, and Azure Storage Analytics to detect anomalous access in AWS S3, GCS, and Blob Storage: off-hours bulk downloads, new IPs, GetObject spikes, potential exfiltration via baselines and time series.
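The baseline checks described above (new source IPs and GetObject spikes), applied to events shaped like the sample CloudTrail record. This is an added example, not the toolkit's scripts/agent.py. It assumes events are already parsed into dicts and carry CloudTrail's eventTime field; the function names, the z-score threshold and the deviation floor are illustrative choices.

```python
import statistics
from collections import Counter, defaultdict

def group_key(ev):
    # Group by principal and bucket, the fields shown in the sample event
    return ev["userIdentity"]["arn"], ev["requestParameters"]["bucketName"]

def detect(baseline, window, z_threshold=3.0):
    """Return findings for GetObject events in `window` judged against `baseline`."""
    known_ips = defaultdict(set)   # (arn, bucket) -> source IPs seen in baseline
    hourly = defaultdict(Counter)  # (arn, bucket) -> hour -> GetObject count
    for ev in baseline:
        if ev["eventName"] == "GetObject":
            known_ips[group_key(ev)].add(ev["sourceIPAddress"])
            hourly[group_key(ev)][ev["eventTime"][:13]] += 1  # "YYYY-MM-DDTHH"
    findings, reported, recent = [], set(), defaultdict(Counter)
    for ev in window:
        if ev["eventName"] != "GetObject":
            continue
        k, ip = group_key(ev), ev["sourceIPAddress"]
        recent[k][ev["eventTime"][:13]] += 1
        if ip not in known_ips[k] and (k, ip) not in reported:
            reported.add((k, ip))
            findings.append(("new_source_ip", k[0], k[1], ip))
    for k, hours in recent.items():
        counts = list(hourly[k].values())
        if not counts:  # principal never read this bucket in the baseline
            findings.append(("no_baseline", k[0], k[1], sum(hours.values())))
            continue
        # Baseline covers active hours only; floor the deviation so a flat
        # baseline does not turn one extra request into a spike.
        mean = statistics.fmean(counts)
        sd = max(statistics.pstdev(counts), 1.0)
        for hour, n in sorted(hours.items()):
            if (n - mean) / sd > z_threshold:
                findings.append(("getobject_spike", k[0], k[1], f"{hour}: {n} vs mean {mean:.1f}"))
    return findings

def make_event(arn, ip, ts, bucket="sensitive-data"):
    return {"eventName": "GetObject", "eventTime": ts, "sourceIPAddress": ip,
            "requestParameters": {"bucketName": bucket, "key": "financials/q4.xlsx"},
            "userIdentity": {"arn": arn}}

ANALYST = "arn:aws:iam::123456789012:user/analyst"
# Constructed sample data: five baseline hours of 3-5 reads from one known IP,
# then a 02:00 window of 40 reads from an address not seen before.
BASELINE = [make_event(ANALYST, "198.51.100.7", f"2024-01-0{d}T09:{m:02d}:00Z")
            for d, n in zip(range(1, 6), (4, 5, 3, 4, 4)) for m in range(n)]
WINDOW = [make_event(ANALYST, "203.0.113.50", f"2024-01-08T02:{m:02d}:00Z") for m in range(40)]
print(detect(BASELINE, WINDOW))
```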