Monitoring

CloudTrail

Tool Description
CloudTrail-Partitioner
  • Automatically organizes your CloudTrail logs in a format suitable for simple querying with Athena
TrailBlazer
  • Determine what AWS API calls are logged by CloudTrail and what they are logged as
  • You can also use TrailBlazer as an attack simulation framework
CloudTrail-Anomaly
  • CloudTrail based anomaly detection for use in AWS
  • It keeps track of every API action a principal calls (as recorded by CloudTrail) over an N-day baseline period and alerts on any API call not seen during that period
CloudTrail Insights
  • Identify and Respond to Unusual API Activity
cw
  • The best way to tail AWS CloudWatch Logs from your terminal.
ClickOops
  • A simple Lambda that monitors your CloudTrail log files to find manual actions taken in your accounts

Detection

Tool Description
Creds Compromise Detection
  • Detecting Credential Compromise in AWS
Detect Console Actions
  • Detecting Manual AWS Console Actions
  • Set up CloudTrail alerting rules that let you detect when someone makes a manual change in the AWS Console
AWS Console Recorder
  • Records actions made in the AWS Management Console and outputs the equivalent CLI/SDK commands and CloudFormation/Terraform templates