> For the complete documentation index, see [llms.txt](https://docs.panther.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.panther.com/ko/search/data-explorer/example-queries/s3-access-logs-queries.md). # S3 액세스 로그 쿼리 ## S3 버킷과 통신하는 DISTINCT IP 주소를 찾아 순위를 매기기 S3 버킷의 잘못된 구성은 주요 위협 벡터입니다. 공개 읽기가 의도되지 않았던 개방형 버킷이 감지되면, 부적절한 접근이 있었는지 이해하는 것이 매우 중요합니다. 이 쿼리는 관심 대상 버킷에 접근하는 모든 IP 주소를 수집하고 순위를 매깁니다. 이 주소들은 검토하여 조직 외부의 것이 있는지 확인해야 하며, 있다면 데이터 유출이 있었을 수 있습니다.**.** ```sql SELECT remoteip, count(1) AS total_rows FROM panther_logs.public.aws_s3serveraccess WHERE p_occurs_between('2021-01-01', '2021-02-01') AND bucket='somebucket' GROUP BY remoteip ORDER BY total_rows DESC ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.panther.com/ko/search/data-explorer/example-queries/s3-access-logs-queries.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.