
Cloud Attacks

2024

[ AWS Threat Detection Part - 3 ] Detecting Attacks in AWS using CloudTrail Logs - Chapter 2
·829 words·4 mins
Overview: In the last part of the CloudTrail log analysis we identified three suspicious ARNs and 4 IPs, 2 of which belong to AWS, found that objects were downloaded from the betadocumentsv2 S3 bucket, and saw that the activity started around 4 Jul 2024 12:00. In this part we will build a timeline of the events and determine exactly which services were compromised.
[ AWS Threat Detection Part - 3 ] Detecting Attacks in AWS using CloudTrail Logs - Chapter 1
·1290 words·7 mins
Overview: This part of the AWS Threat Detection series focuses on how CloudTrail logs can be used to detect attacks in an AWS environment and how those attacks can be mapped to the MITRE ATT&CK framework. It aims to convey the process of investigation rather than focusing on specific attacks.