drop AWS CloudTrail JSON log files or CSV export · parse API call records across all AWS services · surface credential abuse, privilege escalation, data exfiltration, and infrastructure manipulation · reconstruct attacker activity timeline · runs locally
cloudtrail logs
drop CloudTrail JSON / CSV / .json.gz
Records[] export · multiple files ok
event risk from cloudtrail risk database · lookupCloudTrailRisk()