AWS Security ChangesHomeSearch

AWS security-ir documentation change

Service: security-ir · 2025-06-04 · Documentation low

File: security-ir/latest/userguide/document-history-for-the-aws-security-incident-response-user-guide.md

Summary

Added changelog entry documenting SLR policy updates for GuardDuty Auto-Archival filter management permissions.

Security assessment

Documents new permissions (e.g., guardduty:GetAdministratorAccount) for security incident response roles, which are security features. However, no explicit evidence of a patched vulnerability is provided.

Diff

diff --git a/security-ir/latest/userguide/document-history-for-the-aws-security-incident-response-user-guide.md b/security-ir/latest/userguide/document-history-for-the-aws-security-incident-response-user-guide.md
index 06d3adf69..c95e09edc 100644
--- a//security-ir/latest/userguide/document-history-for-the-aws-security-incident-response-user-guide.md
+++ b//security-ir/latest/userguide/document-history-for-the-aws-security-incident-response-user-guide.md
@@ -8,0 +9 @@ Change  |  Description  |  Date
+Updates to SLR adding permissions to support service entitlements. |  [AWSSecurityIncidentResponseTriageServiceRolePolicy](./aws-managed-policies.html#AWSSecurityIncidentResponseTriageServiceRolePolicy) has been updated to add security-ir:GetMembership, security-ir:ListMemberships, security-ir:UpdateCase, guardduty:ListFilters, guarduty:UpdateFilter, guardduty:DeleteFilter, and guardduty:GetAdministratorAccount permissions. guardduty:GetAdministratorAccount was added to facilitate management of GuardDuty Auto-Archival filters in delegated accounts. | June 02, 2025