Threat-Detection-in-Amazon-CloudTrail-Logs

This project aims to guide you in enhancing threat detection within your AWS environment by exploring the anatomy of CloudTrail events. It demonstrates how to use the Amazon Athena service to identify unusual patterns, detect potential security threats, and ensure compliance.

METHODS OF THREAT DETECTION IN YOUR AWS ENVIRONMENT

🕵️‍♂️ Behavior-Based Threat Detection in the AWS
🕵️‍♂️ Detecting Anomalies in CloudTrail with CloudWatch
🕵️‍♂️ Detecting Anomalies using decoy
🕵️‍♂️ Threat Detection with CloudTrail Insights

READ ME 📖

Investigative questions or queries evaluated in this lab include:

🤌 Attempts to Launch EC2 instances by a specific user ARN
🤌 Who has root access through the console
🤌 Hunting for sign-in failures to the AWS console
🤌 Investigating resource-creation events (IAM, S3, and EC2) made via the AWS Management Console
🤌 Investigating resource-creation events (IAM, S3, and EC2) made via the AWS Management Console, AWS CLI, SDKs, or direct API calls
🤌 Hunting for a CloudTrail disruption
🤌 Hunting for unauthorized calls
🤌 Hunting for "whoami" identities
🤌 Efforts to compromise accounts by creating IAM users
🤌 Hunting for secret access in Secrets Manager
🤌 Hunting for xlarge EC2 instances
🤌 Hunting for S3 bucket brute-force attempts
🤌 Hunting for suspicious user agents (Kali, Parrot, PowerShell)
🤌 Hunting for permanent key creation
🤌 Creation of public S3 buckets
🤌 Brute force attempts to assume roles
🤌 Attempts to perform recon actions on accounts
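The hunts above are run as Athena queries over the CloudTrail log bucket. The following is an added example, not code from this repository: it defines the Athena table that AWS documents for CloudTrail (the table name `cloudtrail_logs` and the S3 `LOCATION` placeholders are assumptions to replace with your own trail bucket and account id) and then answers four of the listed questions with it: console sign-in failures, root console access, CloudTrail disruption, and unauthorized calls combined with "whoami" (`GetCallerIdentity`) checks.

```sql
-- Added example (not part of the original repository): an Athena table over
-- CloudTrail plus detection queries for several of the hunts listed above.
-- Assumptions: the table name cloudtrail_logs and the LOCATION placeholders,
-- which must be replaced with your own trail bucket and account id.
CREATE EXTERNAL TABLE cloudtrail_logs (
  eventversion STRING,
  useridentity STRUCT<
    type:STRING, principalid:STRING, arn:STRING, accountid:STRING,
    invokedby:STRING, accesskeyid:STRING, username:STRING,
    sessioncontext:STRUCT<
      attributes:STRUCT<mfaauthenticated:STRING, creationdate:STRING>,
      sessionissuer:STRUCT<type:STRING, principalid:STRING, arn:STRING,
                           accountid:STRING, username:STRING>>>,
  eventtime STRING,
  eventsource STRING,
  eventname STRING,
  awsregion STRING,
  sourceipaddress STRING,
  useragent STRING,
  errorcode STRING,
  errormessage STRING,
  requestparameters STRING,
  responseelements STRING,
  additionaleventdata STRING,
  requestid STRING,
  eventid STRING,
  resources ARRAY<STRUCT<arn:STRING, accountid:STRING, type:STRING>>,
  eventtype STRING,
  apiversion STRING,
  readonly STRING,
  recipientaccountid STRING,
  serviceeventdetails STRING,
  sharedeventid STRING,
  vpcendpointid STRING
)
ROW FORMAT SERDE 'com.amazon.emr.hive.serde.CloudTrailSerde'
STORED AS INPUTFORMAT 'com.amazon.emr.cloudtrail.CloudTrailInputFormat'
OUTPUTFORMAT 'org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat'
LOCATION 's3://REPLACE_WITH_TRAIL_BUCKET/AWSLogs/REPLACE_WITH_ACCOUNT_ID/CloudTrail/';

-- Hunt: console sign-in failures in the last 7 days, grouped by source IP.
-- Many failures from one IP across several user names points to password guessing.
SELECT sourceipaddress,
       count(*) AS failures,
       count(DISTINCT useridentity.username) AS distinct_users,
       min(eventtime) AS first_seen,
       max(eventtime) AS last_seen
FROM cloudtrail_logs
WHERE eventsource = 'signin.amazonaws.com'
  AND eventname = 'ConsoleLogin'
  AND responseelements LIKE '%"ConsoleLogin":"Failure"%'
  AND from_iso8601_timestamp(eventtime) > current_timestamp - interval '7' day
GROUP BY sourceipaddress
ORDER BY failures DESC;

-- Hunt: root account sign-ins through the console. Root sessions should be rare,
-- and each one should map to a known break-glass activity.
SELECT eventtime, sourceipaddress, useragent,
       useridentity.sessioncontext.attributes.mfaauthenticated AS mfa
FROM cloudtrail_logs
WHERE useridentity.type = 'Root'
  AND eventname = 'ConsoleLogin'
ORDER BY eventtime DESC;

-- Hunt: CloudTrail disruption. Logging stopped, a trail deleted, or event
-- selectors changed are all events that should raise an alert.
SELECT eventtime, useridentity.arn AS actor, eventname, sourceipaddress, errorcode
FROM cloudtrail_logs
WHERE eventsource = 'cloudtrail.amazonaws.com'
  AND eventname IN ('StopLogging', 'DeleteTrail', 'UpdateTrail', 'PutEventSelectors')
ORDER BY eventtime DESC;

-- Hunt: unauthorized calls and "whoami" identity checks, ranked per actor.
-- A burst of AccessDenied errors together with GetCallerIdentity from the same
-- principal is the pattern to review first after a suspected credential leak.
SELECT useridentity.arn AS actor,
       sum(CASE WHEN errorcode IN ('AccessDenied', 'UnauthorizedOperation',
                                   'Client.UnauthorizedOperation') THEN 1 ELSE 0 END) AS denied_calls,
       sum(CASE WHEN eventname = 'GetCallerIdentity' THEN 1 ELSE 0 END) AS whoami_calls,
       count(DISTINCT sourceipaddress) AS source_ips
FROM cloudtrail_logs
WHERE from_iso8601_timestamp(eventtime) > current_timestamp - interval '1' day
GROUP BY useridentity.arn
HAVING sum(CASE WHEN errorcode IN ('AccessDenied', 'UnauthorizedOperation',
                                   'Client.UnauthorizedOperation') THEN 1 ELSE 0 END) > 0
ORDER BY denied_calls DESC;
```

Run the `CREATE EXTERNAL TABLE` statement once in the Athena console, then the hunt queries individually. Because `eventtime` is stored as a string, the time filters convert it with `from_iso8601_timestamp`; for large trails, partitioning the table by region and date keeps these scans cheap.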
