
AWS CloudTrail events Query


1) On Threat Intelligence technique for AWS CloudTrail, and also looking for relevant techniques (TXXX): find a query that looks into CloudTrail for any IOC from TI. Provide the MITRE technique name and query.


2) Sign-in logs from email IOC: looking for the MITRE technique name and a query to run on Sentinel.

1 Reply
Have you taken a look in the GitHub? All the files have the Txxx number.

You can also use the repository to search for keywords like "IOC".