AWS CloudTrail events Query

1 ) On Threat Intelligent Technic AWS Cloud trail and also looking for Relevant Techniques (TXXX) , find Query to looks in to cloud trail any IOC form TI. Provide the Mitre Techniques name and Query .

2 ) Sign in logs Form Email IOC , Looking for MITRE technique name and Query to Run on sentinel.

1 Reply

Have you taken a look in the Github, all the files have the Txxx number? https://github.com/Azure/Azure-Sentinel/tree/master/Detections/AWSCloudTrail

You can also you the repository to search for keywords like "IOC"