AWS security-ir documentation change
Summary
Added changelog entry documenting SLR policy updates for GuardDuty Auto-Archival filter management permissions.
Security assessment
Documents new permissions (e.g., guardduty:GetAdministratorAccount) for security incident response roles, which are security features. However, no explicit evidence of a patched vulnerability is provided.
Diff
diff --git a/security-ir/latest/userguide/document-history-for-the-aws-security-incident-response-user-guide.md b/security-ir/latest/userguide/document-history-for-the-aws-security-incident-response-user-guide.md index 06d3adf69..c95e09edc 100644 --- a//security-ir/latest/userguide/document-history-for-the-aws-security-incident-response-user-guide.md +++ b//security-ir/latest/userguide/document-history-for-the-aws-security-incident-response-user-guide.md @@ -8,0 +9 @@ Change | Description | Date +Updates to SLR adding permissions to support service entitlements. | [AWSSecurityIncidentResponseTriageServiceRolePolicy](./aws-managed-policies.html#AWSSecurityIncidentResponseTriageServiceRolePolicy) has been updated to add security-ir:GetMembership, security-ir:ListMemberships, security-ir:UpdateCase, guardduty:ListFilters, guarduty:UpdateFilter, guardduty:DeleteFilter, and guardduty:GetAdministratorAccount permissions. guardduty:GetAdministratorAccount was added to facilitate management of GuardDuty Auto-Archival filters in delegated accounts. | June 02, 2025