Blink Automation: Find AccessDenied Events and Send Report to Slack Channel

EXPLORE BY SECURITY

EXPLORE BY INFRASTRUCTURE

EXPLORE BY LICENSE

Basic

Featured

EXPLORE BY VENDOR

Adobe Cloud

Anodot

Apex One

Asana

auth0

Authomize

AWS

AWS SSO

Azure

Azure Active Directory

Azure DevOps

Azure Log Analytics

BambooHR

BigPanda

Bitbucket

Bitsight

Black Kite

Blink

Box

Cato Networks

Check Point Harmony

Check Point Management

Cloudflare

Compass

Confluence

Coralogix

Cortex XDR

CrowdStrike

Datadog

DataSet

Discord

Domo

Drata

Dropbox

Duo

Dynatrace

Elasticsearch

Email

Ermetic

Exchange Online

F5 BIG IP

Falcon Surface

Forcepoint DLP

FortiGate

Freshservice

GCP

Git

GitHub

GitLab

Gmail

Google Chat

Google Docs

Google Drive

Google Looker

Google Sheets

Google Workspace

Grafana

HiBob

HubSpot

Hybrid Analysis

Imperva

Intercom

IPinfo

Ironscales

Ivanti RiskSense

Jamf

JetBrains

JFrog

Jira

Joe Sandbox

JumpCloud

Kandji

KnowBe4

Kubernetes

LaunchDarkly

Linear

Litmos

LogicMonitor

Microsoft Defender For Cloud

Microsoft Defender For Cloud Apps

Microsoft Defender For Endpoints

Microsoft Intune

Microsoft Outlook

Microsoft Sentinel

Microsoft Teams

Monday

MongoDB Atlas

New Relic

Notion

Okta

OneDrive

OpenAI

Opsgenie

OPSWAT

Oracle Cloud

Orca Security

OWASP ZAP

PagerDuty

Palo Alto Firewall

Panther

Perception Point

Pingdom

Postman

Postman SCIM

Prisma Cloud CSPM

Prisma Cloud CWP

Prometheus

Proofpoint

QRadar

Qualys

Rapid7

Reco

Recorded Future

Rippling

SailPoint

Salesforce

SentinelOne

Sentra

ServiceNow

SharePoint

Shodan

Shopify

Silverfort

Slack

Snipe-IT

Snyk

SolarWinds Service Desk

SonarQube

Split

Splunk

Sumo Logic

Symantec EDR

Tanium

TeamCity

TeamViewer

Telegram

Tenable

Terraform

Terraform Cloud

Trello

Veracode

VirusTotal

VMware vSphere

WhatsApp

Wiz

Workspace ONE UEM

YesWeHack

Zendesk

Zoom

Zscaler Internet Access

Zscaler Private Access

Security3,745 Automations

Cloud Security

+ 27

347

Email Security

+ 5

115

SOC & Incident Response

+ 15

300

Data Security

+ 16

245

SaaS Security

+ 12

168

Compliance & Governance

+ 15

1213

Endpoint Security

+ 17

456

Network Security

+ 9

245

Threat Hunting

+ 22

469

Identity & Access

+ 18

305

Vulnerability Management

+ 4

170

HR Security

+ 14

181

Credential Security

2

Code Security

38

Utilities

+ 21

540

Infrastructure4,323 Automations

Resource Creation

+ 6

459

Network Management

1022

Identity Access Management

+ 9

583

CI/CD

+ 2

388

Storage Management

+ 6

1129

Developer Platform

+ 27

778

Cost Optimization

+ 5

169

Compute Management

+ 1

1016

Backup & Migration

2

Kubernetes Management

+ 3

346

Observability & Monitoring

+ 16

1574

Incident Response

+ 13

388

No-code automation for CloudOps
Purpose-built for DevOps and SecOps

Follow us on

ResourcesDocumentation How-to guides

CompanyAbout us Careers Blog Contact us

LegalPrivacy policy Terms of service

© 2022 Blink. All rights reserved.

Find AccessDenied Events and Send Report to Slack Channel

Find AccessDenied Events and Send Report to Slack Channel

This automation lists "AccessDenied" events with users and source IP addresses and reports the results to the Slack channel. Any event in your AWS account that attempts to act beyond the limits of authorized permissions will trigger an "AccessDenied" error. Tracking "AccessDenied" errors in your AWS account is a useful way to identify security threats and optimize your IAM permissions.

Breakdown

Format start time to epoch time.
Get AccessDenied events and format the logs.
Send report to Slack channel.

TRIGGER: On-Demand

log_group_name

region

slack_channel

start_time

Steps

1

Format start time to epoch time

Note: step 2 might take a while -

Change the step timeout parameter if needed.

2

Get AccessDenied events

3

Format the logs

4

Send report to Slack channel

End

OUTPUTS

No outputs