-
## Overview
In the AWS integration, most of our detections, rely on the following fields.
- `event.dataset`
- `event.provider`
- `event.action`
- `event.outcome`
- `aws.cloudtrail.request_para…
-
Top 10 AWS Services: (see compatible versions on GCP and Azure)
- P0 | S3 - GCP Bucket - Azure Storage
- P0 | IAM
- P0 | SNS/SQS
- P0 | Lambda - GCP Functions - Azure Function
- P0 | CloudWatch
- P…
-
**Description of problem:**
The aws cloud trail log parser does not work with current cloudtrail data.
**Source data:**
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-l…
-
- Version: `1.1.1`
- Local OS Version: `Ubuntu 20.04.5 LTS`
- Local chip architecture: `x86_64`
- Reproduces in: `432896750513`
Steps to Reproduce:
1. python3 scan.py -s scan/sample/all_s…
-
SecurityAudit allows this call. Can see if lambda and s3 object access is recorded.
-
Good afternoon, the message in CloudTrail appears incomplete, does anyone know how to retrieve the complete encoded message?
eg.:
"errorMessage": "You are not authorized to perform this operat…
-
A very common use case for S3 polling is ingest of CloudTrail logs, which have a fixed key format within a bucket:
`/AWSLogs//CloudTrail/////_CloudTrail___.json.gz`
Given this fixed structure, ingest…
-
Hi,
Does anyone have an example of CloudTrail Data Event for S3?
I have a few buckets I need to enable event selector on for both read and write API events to a dedicated logging bucket.
Docu…
-
### Documentation Link
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#import
### Description
The documentation states to use the CloudTrail ARN when doing a …
-
[AWS document](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-s3-bucket-policy-for-cloudtrail.html#troubleshooting-s3-bucket-policy) that [a service principal name](https://docs.aws…