aws-summarize-account-activity
Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used. The summary is written to a JSON output file and can optionally be visualized as PNG files. Usage: - Make sure you have AWS credentials configured for your target account. - This can either be done using environment variables or by specifying a named profile in the optional --profile argument. Example run: - pip install -r requirements.txt - python aws_summarize_account_activity.py Supported arguments: - All arguments are optional: --activity-type {ALL,SUCCESSFUL,FAILED}: type of CloudTrail data to analyze: all API calls (default), only successful API calls, or only API calls that AWS declined with an error message --dump-raw-cloudtrail-data: store a copy of all gathered CloudTrail data in JSONL format --past-hours HOURS: hours of CloudTrail data to look back and analyze default: 336 (=14 days), minimum: 1, maximum: 2160 (=90 days) --plot-results: generate PNG files that visualize the JSON output file --profile PROFILE: named AWS profile to use when running the command Notes: - The script requires AWS credentials to access the CloudTrail data.
FEATURES
ALTERNATIVES
S3Scanner scans for misconfigured S3 buckets across S3-compatible APIs, identifying potential security vulnerabilities and data exposure risks.
Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.
Cloud security platform that provides configuration monitoring, compliance management, and security analysis across multi-cloud environments.
A tool to analyze and audit AWS environments for security issues and misconfigurations.
In-depth analysis and insights on various cloud security topics by Rhino Security Labs team
Cloud Security Dashboard with AWS CIS Security Benchmarks and JIRA integration.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.