CloudTrail Log Activity DashboardCloudTrail Log DetectionsCloudTrail Log Root User Activity ReportMITRE ATT&CK v16.1
Dashboard: CloudTrail Log Activity Dashboard
This dashboard contains 1 card.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/tailpipe-mod-aws-cloudtrail-log-detectionsStart the Powerpipe server:
powerpipe serverOpen http://localhost:9033 in your browser and select CloudTrail Log Activity Dashboard dashboard.
You could also snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe dashboard run aws_cloudtrail_log_detections.dashboard.activity_dashboard --shareQueries
This dashboard uses the the following queries:
select recipient_account_id, count(*) as "Logs"from aws_cloudtrail_loggroup by recipient_account_idorder by count(*) desc;