Threat Hunting AWS CloudTrail with Sentinel: Part 1
ID: af4b567d-1a7e-58bd-95ef-c4f9377af2d2
STIX ID: report--af4b567d-1a7e-58bd-95ef-c4f9377af2d2
Feed Name: Binary Defense Blog
This post, the first of a four-part blog series, explains how to threat hunt over AWS CloudTrail data using Microsoft Sentinel. It describes simulated attacks in a test AWS environment (credential theft from a misconfigured S3 bucket, creation of backdoor IAM access keys, and creation of new users and groups), maps those simulations to MITRE ATT&CK cloud techniques, and demonstrates hunting with Kusto Query Language (KQL) queries and Sentinel detections. The post also lists the offensive toolkits used for the simulations (cloud_enum, Pacu, Atomic Red Team) and provides extensive references for further hunting and detection work.
