Field guide for threat hunting in AWS: workbooks, queries, and frameworks tailored for CloudTrail, GuardDuty, Detective, and real-world SOC investigations.

juansasoc/AWS-Threat-Hunting-Field-Guide

AWS Threat Hunting — Field Guide

Hunts-first AWS detection-engineering field guide with ES|QL queries, Sigma scaffolds, and AI prompt templates.
Coverage: IAM, S3, CloudTrail/Config/KMS, VPC/Network, EC2/EBS, Lambda, EKS, DNS, CloudFront/API, Secrets, GuardDuty correlations.

Quick Start

  1. Browse detections/ for copy/paste queries.
  2. Use prompts/ to tune hunts for your schema.
  3. Track readiness with checklists/hunt-readiness.md.

Portable Artifacts

  • ES|QL: esql/core/*
  • Sigma: sigma/core/*

See detections/ for hunts, prompts/ for LLM tuning, sigma/ and esql/ for portable artifacts.
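To show what a hunt from this guide looks like when run outside Elastic, here is a small Python hunt runner over constructed CloudTrail records. This is an added example, not code from the field guide or its detections/ directory: the field names (eventName, eventSource, userIdentity, errorCode, requestParameters) follow the CloudTrail record schema, but the sample records, the rule names and the AccessDenied threshold are this example's own assumptions. It implements three common hunts: CloudTrail logging tampering, access-key creation for a different principal, and a burst of AccessDenied results from one principal.

```python
"""Run a few CloudTrail hunts over constructed sample records.

Added example, not part of the field guide. Field names follow the CloudTrail
record schema; rule names, thresholds and the records below are assumptions.
"""
import gzip
import json
from collections import Counter

# Constructed sample CloudTrail records (not real log data).
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice",
                      "userName": "alice"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice",
                      "userName": "alice"},
     "requestParameters": {"userName": "backup-admin"}},
    # Benign: bob rotates his own key.
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob",
                      "userName": "bob"},
     "requestParameters": {"userName": "bob"}},
    # Benign read-only activity.
    {"eventTime": "2024-05-01T10:03:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob",
                      "userName": "bob"},
     "requestParameters": None},
]
# Five AccessDenied responses for one assumed-role session: an enumeration pattern.
SAMPLE_EVENTS += [
    {"eventTime": f"2024-05-01T10:05:{i:02d}Z", "eventSource": src,
     "eventName": name, "sourceIPAddress": "192.0.2.44", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ReadOnly/carol"},
     "requestParameters": None}
    for i, (src, name) in enumerate([
        ("iam.amazonaws.com", "ListUsers"), ("iam.amazonaws.com", "ListRoles"),
        ("s3.amazonaws.com", "ListBuckets"), ("secretsmanager.amazonaws.com", "ListSecrets"),
        ("kms.amazonaws.com", "ListKeys")])
]

# Calls that reduce CloudTrail visibility (assumed list for this example).
LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def principal(ev):
    """ARN of the calling identity, or 'unknown' if the record lacks one."""
    return ev.get("userIdentity", {}).get("arn", "unknown")


def hunt_logging_tampering(events):
    """Successful CloudTrail visibility-reduction calls (defense evasion)."""
    return [{"rule": "cloudtrail_logging_tampering", "principal": principal(ev),
             "eventName": ev["eventName"], "eventTime": ev["eventTime"]}
            for ev in events
            if ev.get("eventSource") == "cloudtrail.amazonaws.com"
            and ev.get("eventName") in LOGGING_TAMPER
            and "errorCode" not in ev]  # failed attempts are a separate, noisier hunt


def hunt_cross_principal_access_keys(events):
    """CreateAccessKey where the target user differs from the caller (persistence)."""
    findings = []
    for ev in events:
        if ev.get("eventName") != "CreateAccessKey" or "errorCode" in ev:
            continue
        caller = ev.get("userIdentity", {}).get("userName")
        # requestParameters is null when UserName was omitted, meaning "self".
        target = (ev.get("requestParameters") or {}).get("userName", caller)
        if target != caller:
            findings.append({"rule": "cross_principal_access_key", "principal": principal(ev),
                             "target": target, "eventTime": ev["eventTime"]})
    return findings


def hunt_access_denied_burst(events, threshold=5):
    """Many AccessDenied results from one principal: permission enumeration."""
    denied = Counter(principal(ev) for ev in events if ev.get("errorCode") == "AccessDenied")
    return [{"rule": "access_denied_burst", "principal": arn, "count": n}
            for arn, n in denied.items() if n >= threshold]


def run_hunts(events):
    """Run every hunt and return the combined list of findings."""
    return (hunt_logging_tampering(events)
            + hunt_cross_principal_access_keys(events)
            + hunt_access_denied_burst(events))


def load_cloudtrail_file(path):
    """Read a delivered CloudTrail log file (gzipped JSON with a top-level 'Records' list)."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt") as fh:
        return json.load(fh)["Records"]


if __name__ == "__main__":
    for finding in run_hunts(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

Point `load_cloudtrail_file` at a file pulled from your trail's S3 bucket to run the same three hunts over real records; the AccessDenied threshold is deliberately a parameter, since the right value depends on how chatty your automation is and should be tuned per account.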