AWS CloudTrail events Query

1) On Threat Intelligent Technic AWS CloudTrail, and also looking for relevant techniques (TXXX): find a query to look into CloudTrail for any IOC from TI. Provide the MITRE technique name and query.

2) Sign-in logs from email IOC: looking for the MITRE technique name and a query to run on Sentinel.

1 Reply
Have you taken a look in the GitHub? All the files have the Txxx number. https://github.com/Azure/Azure-Sentinel/tree/master/Detections/AWSCloudTrail

You can also use the repository to search for keywords like "IOC".