https://www.youtube.com/watch?v=61C_lEQ5qNM
https://github.com/welldone-cloud/aws-summarize-account-activity
Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made and regions that were used. The summary is written to a JSON output file and can optionally be visualized as PNG files.
An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents references, other research references and security implications.