AWS Events

AWS Security Events

Amazon Web Services (AWS) specific security events, detections, and incident response procedures. These events are typically sourced from AWS CloudTrail, CloudWatch, VPC Flow Logs, and other AWS native logging services.

Common AWS Attack Patterns

Console Login Anomalies: Unusual sign-in patterns or locations
IAM Privilege Escalation: Unauthorized role assumptions or policy modifications
S3 Bucket Exposure: Public bucket configurations or data exfiltration
EC2 Instance Compromise: Unauthorized instance access or lateral movement
Lambda Function Abuse: Serverless function exploitation for persistence

AWS-Specific Log Sources

AWS CloudTrail: API call logging and user activity
AWS CloudWatch: Application and infrastructure monitoring
VPC Flow Logs: Network traffic analysis
AWS Config: Configuration change tracking
Amazon GuardDuty: Threat detection service

ConsoleLogin

AWS

An IAM user logged in to the AWS console

Tactics: Initial Access Lateral Movement

Tags: AWSIAMConsole

AWS Events

AWS Security Events

Common AWS Attack Patterns

AWS-Specific Log Sources

Events Related to AWS