AWS S3

Integration version: 4.0

Use Cases

Manage buckets
Download files from buckets
Upload files to buckets

Configure AWS S3 Integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Instance Name	String	N/A	No	Name of the Instance you intend to configure integration for.
Description	String	N/A	No	Description of the Instance.
AWS Access Key ID	String	N/A	Yes	AWS Access Key ID to use in integration.
AWS Secret Key	Password	N/A	Yes	AWS Secret Key to use in integration.
AWS Default Region	String	N/A	Yes	AWS default region to use in integration, for example us-west-2.
Run Remotely	Checkbox	Unchecked	No	Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent).

Actions

Ping

Description

Test connectivity to AWS S3 with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.

Use cases

Test Connectivity.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

Case Wall

Result Type	Value / Description	Type
Output message*	The action should not fail nor stop a playbook execution: If successful: "Successfully connected to the AWS S3 server with the provided connection parameters!" The action should fail and stop a playbook execution: If not successful: "Failed to connect to the AWS S3 server! Error is {0}".format(exception.stacktrace)	General

Result Type

Value / Description

Type

Output message*

The action should not fail nor stop a playbook execution:

If successful:

"Successfully connected to the AWS S3 server with the provided connection parameters!"

The action should fail and stop a playbook execution:

If not successful:

"Failed to connect to the AWS S3 server! Error is {0}".format(exception.stacktrace)

General

List Buckets

Description

Retrieve a list of buckets from AWS S3.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

{
    "Buckets": [
        {
            "CreationDate": %Y-%m-%dT%H:%M:%S,
            "Name": "testsiemplify"
        }
    ],
    "Owner": {
        "DisplayName": "lab_aws",
        "ID": "935dc3fed0e1d2c5b12242cf9927370824f2438681a2d3c0523f254dbde41aba"
    },

Case Wall

Result Type	Value / Description	Type
Output message*	The action should not fail nor stop a playbook execution: If status code == 200 (is_success = true) "Successfully listed available buckets in AWS S3". If other status code (is_success=false): "Action wasn't able to list available buckets in AWS S3. The action should fail and stop a playbook execution: If fatal error, like wrong credentials, no connection to the server, other: "Error executing action "List Buckets". Reason: {0}''.format(error.Stacktrace)	General

Result Type

Value / Description

Type

Output message*

The action should not fail nor stop a playbook execution:

If status code == 200 (is_success = true) "Successfully listed available buckets in AWS S3".

If other status code (is_success=false): "Action wasn't able to list available buckets in AWS S3.

The action should fail and stop a playbook execution:

If fatal error, like wrong credentials, no connection to the server, other: "Error executing action "List Buckets". Reason: {0}''.format(error.Stacktrace)

General

Get Bucket Policy

Description

Retrieve information about the bucket policy from AWS S3.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Bucket Name	String	N/A	Yes	Specify name of the bucket from which to retrieve policy information.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

{
    "Policy": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AddPerm",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::testsiemplify/*"
            }
        ]
    }

Case Wall

Result Type	Value / Description	Type
Output message*	The action should not fail nor stop a playbook execution: If status code == 200 (is_success = true) "Successfully retrieved information about the policy of the "{0}" bucket in AWS S3".format(bucket_name) If other status code (is_success=false): "Action wasn't able to return information about the policy of the '{0}' bucket in AWS S3".format(bucket_name) The action should fail and stop a playbook execution: If fatal error, like wrong credentials, no connection to the server, other: "Error executing action "Get Bucket Policy". Reason: {0}''.format(error.Stacktrace)	General

Result Type

Value / Description

Type

Output message*

The action should not fail nor stop a playbook execution:

If status code == 200 (is_success = true) "Successfully retrieved information about the policy of the "{0}" bucket in AWS S3".format(bucket_name)

If other status code (is_success=false): "Action wasn't able to return information about the policy of the '{0}' bucket in AWS S3".format(bucket_name)

The action should fail and stop a playbook execution:

If fatal error, like wrong credentials, no connection to the server, other: "Error executing action "Get Bucket Policy". Reason: {0}''.format(error.Stacktrace)

General

Set Bucket Policy

Description

Set a policy in the bucket from AWS S3.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Bucket Name	String	N/A	Yes	Specify the name of the bucket on which you want to update the policy.
Policy JSON Object	String	N/A	Yes	Specify the JSON object of the policy that you want to set for the bucket. Examples can be found here: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

bucket_policy = {
    'Version': '2012-10-17',
    'Statement': [{
        'Sid': 'AddPerm',
        'Effect': 'Allow',
        'Principal': '*',
        'Action': ['s3:GetObject'],
        'Resource': f'arn:aws:s3:::{bucket_name}/*'
    }]
}

Case Wall

Result Type	Value / Description	Type
Output message*	The action should not fail nor stop a playbook execution: If status code == 204 (is_success = true) "Successfully updated policy of the "{0}" bucket in AWS S3".format(bucket_name) If other status code (is_success=false): "Action wasn't able to update the policy of the '{0}' bucket in AWS S3".format(bucket_name) The action should fail and stop a playbook execution: If fatal error, like wrong credentials, no connection to the server, other: "Error executing action "Set Bucket Policy". Reason: {0}''.format(error.Stacktrace)

Result Type

Value / Description

Type

Output message*

The action should not fail nor stop a playbook execution:

If status code == 204 (is_success = true) "Successfully updated policy of the "{0}" bucket in AWS S3".format(bucket_name)

If other status code (is_success=false): "Action wasn't able to update the policy of the '{0}' bucket in AWS S3".format(bucket_name)

The action should fail and stop a playbook execution:

If fatal error, like wrong credentials, no connection to the server, other: "Error executing action "Set Bucket Policy". Reason: {0}''.format(error.Stacktrace)

List Bucket Objects

Description

Enables the user to deactivate a user account. The request body contains the user to disable. The account enabled property of the account should be set to false.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Bucket Name	String	N/A	Yes	Specify the name of the bucket from which to retrieve objects.
Max Objects to Return	Integer	N/A	No	Specify how many objects to return.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

"Contents": [
        {
            "Key": "text.txt",
            "LastModified": %Y-%m-%dT%H:%M:%S,
            "ETag": "d41d8cd98f00b204e9800998ecf8427e",
            "Size": 0,
            "StorageClass": "STANDARD",
            "Owner": {
                "DisplayName": "lab_aws",
                "ID": "935dc3fed0e1d2c5b12242cf9927370824f2438681a2d3c0523f254dbde41aba"
            }
        },
        {
            "Key": "text_1.txt",
            "LastModified": %Y-%m-%dT%H:%M:%S,
            "ETag": "d41d8cd98f00b204e9800998ecf8427e",
            "Size": 0,
            "StorageClass": "STANDARD",
            "Owner": {
                "DisplayName": "lab_aws",
                "ID": "935dc3fed0e1d2c5b12242cf9927370824f2438681a2d3c0523f254dbde41aba"
            }
        }
    ]

Case Wall

Result Type	Value / Description	Type
Output message*	The action should not fail nor stop a playbook execution: If status code == 200 (is_success = true) "Successfully returned objects of the "{0}" bucket in AWS S3".format(bucket_name) If other status code (is_success=false): "Action wasn't able to return objects of the '{0}' bucket in AWS S3".format(bucket_name) The action should fail and stop a playbook execution: If fatal error, like wrong credentials, no connection to the server, other: "Error executing action "List Bucket Objects". Reason: {0}''.format(error.Stacktrace)	General
Case Wall Table	Table Name: '{0}' Bucket Objects Columns: Key (mapped as Key) Last Modified (mapped as LastModified) Size (Bytes) (mapped as Size) Owner (mapped as Owner/DisplayName) Storage Class (mapped as Storage Class)	General

Result Type

Value / Description

Type

Output message*

The action should not fail nor stop a playbook execution:

If status code == 200 (is_success = true) "Successfully returned objects of the "{0}" bucket in AWS S3".format(bucket_name)

If other status code (is_success=false): "Action wasn't able to return objects of the '{0}' bucket in AWS S3".format(bucket_name)

The action should fail and stop a playbook execution:

If fatal error, like wrong credentials, no connection to the server, other: "Error executing action "List Bucket Objects". Reason: {0}''.format(error.Stacktrace)

General

Case Wall Table

Table Name: '{0}' Bucket Objects

Columns:

Key (mapped as Key)
Last Modified (mapped as LastModified)
Size (Bytes) (mapped as Size)
Owner (mapped as Owner/DisplayName)
Storage Class (mapped as Storage Class)

General

Download File From Bucket

Description

Download file from bucket in AWS S3.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
Bucket File Path	String	s3://{bucket_name}/{file_name}	Yes	Specify the path to the file in the bucket. Example: s3://siemplify/syslog/log.txt
Download Path	String	N/A	Yes	Specify the path, where to download the file.

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

{
"bucket_file_path": "s3://testsiemplify/test/123.txt"
"download_path": "/usr/bin/share/download.txt"
}

Case Wall

Result Type	Value / Description	Type
Output message*	The action should not fail nor stop a playbook execution: If status code == 200 (is_success = true) "Successfully downloaded '{0}' from AWS S3".format(bucket_file_path) If other status code (is_success=false): "Action wasn't able to download '{0}' from AWS S3. Reason: file with that download path already exists." The action should fail and stop a playbook execution: If fatal error, like wrong credentials, no connection to the server, SDK errors, other: "Error executing action "Download File From Bucket". Reason: {0}''.format(error.Stacktrace)	General

Result Type

Value / Description

Type

Output message*

The action should not fail nor stop a playbook execution:

If status code == 200 (is_success = true) "Successfully downloaded '{0}' from AWS S3".format(bucket_file_path)

If other status code (is_success=false): "Action wasn't able to download '{0}' from AWS S3. Reason: file with that download path already exists."

The action should fail and stop a playbook execution:

If fatal error, like wrong credentials, no connection to the server, SDK errors, other: "Error executing action "Download File From Bucket". Reason: {0}''.format(error.Stacktrace)

General

Upload File To Bucket

Description

Upload file to bucket in AWS S3.

Parameters

Parameter Display Name	Type	Default Value	Is Mandatory	Description
File Path	String	N/A	Yes	Specify the path to the file that needs to be uploaded.
Bucket Upload Path	String	s3://{bucket_name}/{file_name}	Yes	Specify the path in the bucket to where the path should be uploaded. Example: s3://siemplify/syslog/log.txt

Run On

This action doesn't run on entities.

Action Results

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

{
"bucket_upload_path": "s3://testsiemplify/test/123.txt"
"file_path": "/usr/bin/share/download.txt"
}

Case Wall

Result Type	Value / Description	Type
Output message*	The action should not fail nor stop a playbook execution: If status code == 200 (is_success = true) "Successfully uploaded '{0}' to AWS S3 {1} bucket".format(file_path, bucket name aka first string after s3://) If the file does not exist (is_success = false) "Action wasn't able to upload '{0}' to AWS S3. Reason: file with that upload path does not exist." The action should fail and stop a playbook execution: If fatal error, like wrong credentials, no connection to the server, SDK errors, other: "Error executing action "Upload File To Bucket". Reason: {0}''.format(error.Stacktrace)	General

Result Type

Value / Description

Type

Output message*

The action should not fail nor stop a playbook execution:

If status code == 200 (is_success = true) "Successfully uploaded '{0}' to AWS S3 {1} bucket".format(file_path, bucket name aka first string after s3://)

If the file does not exist (is_success = false) "Action wasn't able to upload '{0}' to AWS S3. Reason: file with that upload path does not exist."

The action should fail and stop a playbook execution:

If fatal error, like wrong credentials, no connection to the server, SDK errors, other: "Error executing action "Upload File To Bucket". Reason: {0}''.format(error.Stacktrace)

General