drop CloudTrail JSON logs · detect privilege escalation paths · credential theft · data exfiltration · lateral movement between services · unusual API patterns · flag attacker IPs · runs locally
drop CloudTrail JSON
Records[] export · single events