AWS Securlet scope and support for Amazon Elastic File System (EFS):
Evaluate applicable Policies for content inspection, network, and management events relating to EFS.
AWS Securlet
DLP Enforce (v15.8)
Amazon Elastic File System - testing in a Virtual Private Cloud in the US-WEST-1 Region with two endpoints (one on Subnet us-west-1a and the other on us-west-1c).
Image (below): both endpoints accessing the same file system, which contains documents with PII and PCI data.
Evaluate logging in CloudSOC Investigate with filter set to AWS Securlet:
Network events such as Security Group creation, launching of EC2 instances, and attaching of a Network Interface are included in the Securlet logging to Investigate.
Once the EFS file system is mounted on an endpoint, actions such as folder creation and file creation (upload/download) do not yield any logging activity to the Securlet.
The creation (or deletion) of Elastic File Systems, independent of the endpoints (EC2 instances) they are mounted on, only logs network activity to the Securlet.
Content Inspection is not supported at this time for Elastic File System.
The AWS Securlet Policy does support certain activities relating to the endpoints (EC2 instances), such as Security events and network events; however, EFS itself does not currently log file-level activity directly to the Securlet.