Forum Discussion
viralshah007
Sep 10, 2020
Copper Contributor
AWS CloudTrail events Query
1) On Threat Intelligence technique, AWS CloudTrail, and also looking for relevant techniques (TXXX): find a query to look into CloudTrail for any IOC from TI. Provide the MITRE technique name and query.
2) Sign-in logs from email IOC: looking for the MITRE technique name and a query to run on Sentinel.
- CliveWatson (Microsoft): Have you taken a look in the GitHub? All the files have the Txxx number. https://github.com/Azure/Azure-Sentinel/tree/master/Detections/AWSCloudTrail
You can also use the repository to search for keywords like "IOC".