CloudTrail Partitioner
This project sets up partitioned Athena tables for your CloudTrail logs and updates the partitions nightly. It is based on work by Alex Smolen in his post Partitioning CloudTrail Logs in Athena. You can immediately deploy the CDK app, but I recommend first running this manually to ensure everything is configured, and also because running it manually will (by default) create 90 days of partitions, whereas the nightly CDK will not run until 0600 UTC, and will only create partitions for the current day and tomorrow. Tables are created for each account as cloudtrail_000000000000 and also a view is created that unions all these tables. Related projects This project was based on work by Alex Smolen. This project works great for many, but at enough scale (roughly 100GB of Cloudtrail logs), the way in which Athena is used with this project runs into problems. For this and other reasons, Alex released a new project cloudtrail-parquet-glue which is described in his post Use AWS Glue to make Cloudtrail Parquet partitions and resolves issues #13 and #14 with this project. Setup.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
An open-source framework for testing and validating the security of AWS services and resources.
A Python script that lists all main resources of your AWS account, helping you find resources that affect billing and/or security.
An AWS Lambda auditing tool that provides asset visibility and actionable results through statistical analysis and security checks.
A Lambda Function that disables AWS IAM User Access Keys after a set amount of time to reduce the risk associated with old access keys.
Managed Kubernetes Inspection Tool leveraging FOSS tools to query and validate security-related settings.
A tool that determines what AWS API calls are logged by CloudTrail and what they are logged as, and can also be used as an attack simulation framework.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.