Day 7: Oh, no. I'M SPEAKING IN CLOUDTRAIL!

Task 1 - What is the other activity made by the user glitch aside from the ListObject action?

To find other activities I used following command jq -r '.Records[] | select(.eventSource == "s3.amazonaws.com" and .requestParameters.bucketName=="wareville-care4wares" and .userIdentity.userName == "glitch") | .eventName' cloudtrail_log.json

Answer 👉 PutObject

jq -r '.Records[] | select(.userIdentity.userName == "glitch") | .sourceIPAddress' cloudtrail_log.json

Answer 👉 53.94.201.69

jq -r '.Records[] | select(.eventName == "ConsoleLogin") | .eventSource' cloudtrail_log.json

Answer 👉 signin.amazonaws.com

jq -r '.Records[] | select(.eventName == "ConsoleLogin") | .userIdentity.userName +" " + .eventTime' cloudtrail_log.json

Answer 👉 2024-11-28T15:21:54Z

jq -r '.Records[] | select(.eventName == "CreateLoginProfile") ' cloudtrail_log.json

Answer 👉 glitch

jq -r '.Records[] | select(.eventName == "AttachUserPolicy")' cloudtrail_log.json

Answer 👉 AdministratorAccess

jq -r '.Records[] | select(.userIdentity.userName=="mayor_malware") | .sourceIPAddress' cloudtrail_log.json

Answer 👉 53.94.201.69

jq -r '.Records[] | select(.userIdentity.userName=="mcskidy") | .sourceIPAddress' cloudtrail_log.json

Answer 👉 31.210.15.79

grep -i "mayor malware" rds.log

Answer 👉 2394 6912 7723 1294

No Answer Needed

(If you have any type of query / Question / suggestion .. feel free to ask below. We would be happy to connect you. Have a great day buddy!!)