{"skill":{"slug":"cloudtrail-threat-detector","displayName":"Cloudtrail Threat Detector","summary":"Analyze AWS CloudTrail logs for suspicious patterns, unauthorized changes, and MITRE ATT&CK indicators","tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":587,"installsAllTime":2,"installsCurrent":2,"stars":0,"versions":1},"createdAt":1772419913776,"updatedAt":1778491684551},"latestVersion":{"version":"1.0.0","createdAt":1772419913776,"changelog":"Initial release of AWS CloudTrail Threat Detector skill.\n\n- Provides expert guidance to analyze AWS CloudTrail logs for suspicious activities and MITRE ATT&CK indicators.\n- Accepts CloudTrail event exports, S3 log downloads, or CloudWatch Logs exports as input (user-supplied data only).\n- Highlights high-risk event patterns such as unauthorized root usage, credential creation, privilege escalation, and defense evasion.\n- Delivers findings as a threat summary, incident timeline, detailed table, attack narrative, and containment recommendations.\n- Does not execute commands or access AWS accounts directly—strictly instruction and analysis based on provided data.","license":null},"metadata":null,"owner":{"handle":"anmolnagpal","userId":"publishers:anmolnagpal","displayName":"Anmol Nagpal","image":"https://avatars.githubusercontent.com/u/4303310?v=4"},"moderation":null}