aws-summarize-account-activity

Free
Updated 11 March 2025

Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used. The summary is written to a JSON output file and can optionally be visualized as PNG files.

Usage:
- Make sure you have AWS credentials configured for your target account.
- This can either be done using environment variables or by specifying a named profile in the optional --profile argument.

Example run:
- pip install -r requirements.txt
- python aws_summarize_account_activity.py

Supported arguments:
- All arguments are optional:
  - --activity-type {ALL,SUCCESSFUL,FAILED}: type of CloudTrail data to analyze: all API calls (default), only successful API calls, or only API calls that AWS declined with an error message
  - --dump-raw-cloudtrail-data: store a copy of all gathered CloudTrail data in JSONL format
  - --past-hours HOURS: hours of CloudTrail data to look back and analyze; default: 336 (=14 days), minimum: 1, maximum: 2160 (=90 days)
  - --plot-results: generate PNG files that visualize the JSON output file
  - --profile PROFILE: named AWS profile to use when running the command

Notes:
- The script requires AWS credentials to access the CloudTrail data.
