AWS CloudTrail events Query

New Contributor

1 ) On Threat Intelligent Technic AWS Cloud trail and also looking for Relevant  Techniques (TXXX)  , find Query to looks in to cloud trail any IOC form TI.  Provide the Mitre Techniques name and Query . 

 

2 ) Sign in logs Form Email IOC , Looking for  MITRE technique name and Query to Run on sentinel.  

1 Reply
Have you taken a look in the Github, all the files have the Txxx number? https://github.com/Azure/Azure-Sentinel/tree/master/Detections/AWSCloudTrail

You can also you the repository to search for keywords like "IOC"