There are 6 repositories under the cloudtrail topic.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
A command-line tool to get valuable information out of AWS CloudTrail
Terraform module for creating alarms for tracking important changes and occurrences from cloudtrail.
Deploy a highly available K3s cluster on Amazon AWS
Retrospectively tag AWS resources so you can work out who created them
Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs
A serverless, event-driven AWS configuration collection service with configuration versioning.
Several bundled Graylog plugins to integrate with different AWS services like CloudTrail and FlowLogs.
Parse AWS CloudTrail events and send alerts to Slack for events that match pre-configured rules
Adaptive AWS Zero Trust Policy made easy: Auto-generate least-privilege policies based on user activity in real time! Accelerate the adoption of smart access control
S3 bucket with built-in IAM policy to allow CloudTrail logs
Advanced AWS Security Automation Resources: Used by Udemy Course 🎓
Easily export AWS CloudTrail events to ElasticSearch
Publicly-listed AWS account IDs for easy lookup. Great for cleaning up false positives from unknown Account IDs in Cloudtrail
Cloudtrail Log Analytics using Amazon Elasticsearch Service - AWS Serverless Application
Serverless Platform for Enhanced Insights from CloudTrail Logs
Automate the daily partitioning of your CloudTrail bucket in Athena
SVS402 - Examples from re:Invent 2020 presentation by James Beswick (@jbesw).
Detect AWS usage anomalies in near-real time using OpenSearch Anomaly Detection and CloudTrail for improved cost management and security
Blazing fast single purpose cli for CloudTrail log filtering
Minimalist containerized implementation of Prowler from https://github.com/toniblyx/prowler, made to run within ECS Fargate and have Secrets passed via AWS Secrets Manager
The structure of the events from CloudTrail is similar to the responses seen when using boto3. Boto3 is powered by the botocore library. The botocore library contains a data directory that describes the API calls (requests and responses). This library allows you to interact with the data directories of botocore to see the API requests and responses. This is to help you write custom AWS Config rules and/or CloudCustodian policies.
CLI tool for searching CloudTrail events using fuzzy search
Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs
Terraform module to create a Secure Baseline; the included modules are alarm baseline, config baseline, and CloudTrail baseline.
Terraform module to ship CloudTrail logs stored in an S3 bucket into a Kinesis stream for further processing and real-time analysis.
AWS Security Webinar - June 2018
Simple Terraform orchestration for robust CloudTrail implementation in your AWS account.
Short deep dive into Threat Hunting on AWS
Terraform module for AWS CloudTrail with CloudWatch Alarms and an SNS Topic
Configure CloudTrail logging to CloudWatch Logs and S3