Threat Hunting AWS CloudTrail with Sentinel: Part 2
ID: d7964523-5001-5f15-a95a-369dfc5288a8
STIX ID: report--d7964523-5001-5f15-a95a-369dfc5288a8
Feed Name: Binary Defense Blog
**Detecting S3 Bucket Attack** — A lab simulation demonstrates exploitation of a publicly accessible, misconfigured S3 bucket (T1530) using the cloud_enum tool and the AWS CLI to enumerate and exfiltrate files; an exposed file containing an Access Key ID and Secret Access Key provided the initial foothold. The report includes CloudTrail-focused KQL hunting queries for Sentinel that detect ListAccessPoints and GetObject events and suspicious SourceIpAddress/UserAgent activity, and it provides detection recommendations for SOCs.