Use Cases
S3 Activity Investigator
Assists in investigating AWS S3 bucket activity by querying CloudTrail logs and providing summaries of user actions, anomalies, and security risks. Helps identify high-risk behavior, misconfigurations, and supports incident response — while providing clear recommendations for next steps.
Access & Data Security Monitoring
Tools
Scanner
Jira
Trigger
New JIRA Ticket
Agent Flow
This assistant helps analysts investigate S3 bucket activity using AWS CloudTrail logs. Based on a provided investigation goal, it queries the AWS_CLOUDTRAIL source to:
Analyze relevant S3 event types (e.g., GetObject, PutObject, DeleteObject)
Correlate user identities, roles, IPs, and time frames
Summarize dominant actions and detect anomalies (e.g., spikes in activity, unknown users, unusual IPs)
If input is vague or missing key details (like time range or user), the bot will ask clarifying questions to refine the investigation. Based on the output, it also suggests logical next steps such as:
Further queries by user, bucket, or timeframe
Reviewing IAM policies
Escalating to an incident or remediating excessive access
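
The analysis steps described under Agent Flow, sketched as an added example (not code from the product or from this page). It runs over constructed records in CloudTrail's record shape; the allowlists `known_arns` and `known_nets`, the `spike` threshold, and all ARNs, IPs and bucket names are assumptions for illustration.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

S3_EVENTS = {"GetObject", "PutObject", "DeleteObject"}

# Constructed sample records in CloudTrail's record shape (not real log data).
def rec(t, name, arn, ip, bucket="example-bucket"):
    return {"eventTime": t, "eventSource": "s3.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "sourceIPAddress": ip,
            "requestParameters": {"bucketName": bucket}}

ETL = "arn:aws:iam::111122223333:role/etl"
TEMP = "arn:aws:iam::111122223333:user/temp-contractor"
SAMPLE = ([rec(f"2024-05-01T10:{m:02d}:00Z", "GetObject", ETL, "10.0.4.17") for m in range(5)]
          + [rec("2024-05-01T10:06:00Z", "PutObject", ETL, "10.0.4.17")]
          + [rec(f"2024-05-01T11:{m:02d}:00Z", "DeleteObject", TEMP, "203.0.113.50") for m in range(12)])

def investigate(records, bucket, known_arns, known_nets, spike=10):
    """Summarize S3 data events for one bucket and flag simple anomalies."""
    nets = [ip_network(n) for n in known_nets]
    actions = Counter()
    per_hour = defaultdict(Counter)  # (identity ARN, hour) -> event name counts
    findings = set()
    for r in records:
        if r.get("eventSource") != "s3.amazonaws.com" or r.get("eventName") not in S3_EVENTS:
            continue
        if (r.get("requestParameters") or {}).get("bucketName") != bucket:
            continue
        arn = r.get("userIdentity", {}).get("arn", "unknown")
        ip = r.get("sourceIPAddress", "")
        actions[r["eventName"]] += 1
        per_hour[(arn, r["eventTime"][:13])][r["eventName"]] += 1
        if arn not in known_arns:  # identity outside the assumed allowlist
            findings.add(("unknown_identity", arn))
        try:
            if not any(ip_address(ip) in n for n in nets):
                findings.add(("unusual_ip", ip))
        except ValueError:  # calls made by AWS services carry a hostname, not an IP
            findings.add(("non_ip_source", ip))
    for (arn, hour), counts in per_hour.items():
        for name, n in counts.items():
            if n >= spike:  # same identity, same action, same hour
                findings.add(("activity_spike", f"{arn} {name} x{n} in {hour}"))
    return {"dominant_action": actions.most_common(1)[0][0] if actions else None,
            "actions": dict(actions), "findings": sorted(findings)}

if __name__ == "__main__":
    print(investigate(SAMPLE, "example-bucket", {ETL}, ["10.0.0.0/8"]))
```

Each finding maps to one of the next steps listed above: an unknown identity or unusual IP suggests a follow-up query scoped to that user, and a delete spike is a candidate for escalation.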