
TrailBlazer
TrailBlazer: A Tool for Analyzing AWS API Call Logs
TrailBlazer is a tool designed to identify which AWS API calls are recorded by CloudTrail and how they are categorized in the logs.
It can also be utilized as a framework for simulating attacks.
It utilizes the Python AWS SDK library known as boto3 to perform API calls to AWS.
Overview of SDK Services and API Calls
This section lists the services offered in the SDK, specifies the regions where these services are available, and identifies the API calls associated with each service by examining the function set.
It bypasses the boto3 client-side validation, so most of the requests it sends to AWS are improper.
The term 'mostly' is important here because if an API call does not require a specific parameter, the API call generated by TrailBlazer will be completely valid.
Due to the way AWS logs these requests, they will be recorded as Invalid Parameters or Unauthorized. This occurs because of inconsistencies in CloudTrail logging.
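To review that kind of coverage from the defender's side, the added example below (not TrailBlazer's own code) matches a list of attempted API calls against CloudTrail records and reports how each one was logged. The `ATTEMPTED` list, the sample records, the bucket names and the helper functions `bucket` and `coverage` are constructed for illustration.

```python
import json

# Constructed list of (service, operation) pairs a test run attempted.
ATTEMPTED = [("ec2", "DescribeInstances"), ("ec2", "RunInstances"),
             ("iam", "CreateUser"), ("kms", "Decrypt"), ("s3", "GetObject")]

# Constructed CloudTrail records, reduced to the fields used here.
SAMPLE_RECORDS = json.loads("""[
 {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
 {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
  "errorCode": "Client.UnauthorizedOperation"},
 {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
  "errorCode": "AccessDenied"},
 {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
  "errorCode": "ValidationException"}
]""")


def bucket(error_code):
    """Collapse a CloudTrail errorCode into the categories the text names."""
    if not error_code:
        return "success"
    code = error_code.lower()
    if "unauthorized" in code or "accessdenied" in code:
        return "unauthorized"
    if "invalid" in code or "validation" in code or "missing" in code:
        return "invalid_parameter"
    return "other_error"


def coverage(attempted, records):
    """Map each attempted call to the way(s) it appears in the trail."""
    seen = {}
    for rec in records:
        # Assumption: the eventSource prefix equals the SDK service name.
        # That does not hold for every service, so real use needs a mapping.
        service = rec["eventSource"].split(".")[0]
        key = (service, rec["eventName"])
        seen.setdefault(key, set()).add(bucket(rec.get("errorCode")))
    return {call: sorted(seen.get(call, {"not_logged"})) for call in attempted}


if __name__ == "__main__":
    for call, how in coverage(ATTEMPTED, SAMPLE_RECORDS).items():
        print(f"{call[0]}:{call[1]:<20} {', '.join(how)}")
```

Calls reported as `not_logged` are the ones to check against the trail's event selectors before assuming a detection rule can ever fire on them.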