Tool Description
  • Automatically organizes your CloudTrail logs in a format suitable for simple querying with Athena
  • Determine what AWS API calls are logged by CloudTrail and what they are logged as
  • You can also use TrailBlazer as an attack simulation framework
  • CloudTrail-based anomaly detection for use in AWS
  • It keeps track of all API actions a principal calls (that are tracked by CloudTrail) for an N-day period and alerts on new API calls after the N-day period
CloudTrail Insights
  • Identify and Respond to Unusual API Activity
  • The best way to tail AWS CloudWatch Logs from your terminal.
  • A simple Lambda that monitors your CloudTrail log files to find manual actions taken in your accounts


Tool Description
Creds Compromise Detection
  • Detecting Credential Compromise in AWS
Detect Console Actions
  • Detecting Manual AWS Console Actions
  • Set up CloudTrail alerting rules that let you detect when someone makes a manual change in the AWS Console
AWS Console Recorder
  • Records actions made in the AWS Management Console and outputs the equivalent CLI/SDK commands and CloudFormation/Terraform templates