
cloudtrail-quickscan

security CLI tool June 2026

A small CLI that reads CloudTrail JSON and reports suspicious events such as failed logins, root activity, IAM changes, security group changes, and uncommon regions.

Python, AWS, CloudTrail, Tests

Problem

Cloud logs get noisy fast. A small first-pass scanner makes review easier before bigger tools or SIEM pipelines are involved.

Build

The project uses a plain Python parser, rule functions, fake CloudTrail samples, JSON output, and tests.

Output

Findings are grouped as high, medium, and low severity so a reviewer can understand the risk quickly.
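
A sketch of the parser, rule functions, and severity grouping described above. This is an added example, not the project's own code: the rule names, the severity assigned to each rule, the `EXPECTED_REGIONS` set, and the sample events are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in CloudTrail's {"Records": [...]} layout (not real log data).
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2026-06-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2026-06-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "awsRegion": "us-east-1",
     "userIdentity": {"type": "Root"}},
    {"eventTime": "2026-06-01T10:09:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "ap-southeast-3",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2026-06-01T10:12:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]})

EXPECTED_REGIONS = {"us-east-1", "eu-west-1"}  # assumption: the account's normal regions
IAM_WRITE_PREFIXES = ("Create", "Delete", "Attach", "Detach", "Put", "Update")
SG_EVENTS = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
             "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
             "CreateSecurityGroup", "DeleteSecurityGroup"}

# Each rule is (name, severity, predicate). The severity choices are assumptions.
RULES = [
    ("root_activity", "high",
     lambda e: (e.get("userIdentity") or {}).get("type") == "Root"),
    ("failed_console_login", "medium",
     lambda e: e.get("eventName") == "ConsoleLogin"
     and (e.get("responseElements") or {}).get("ConsoleLogin") == "Failure"),
    ("iam_change", "medium",
     lambda e: e.get("eventSource") == "iam.amazonaws.com"
     and str(e.get("eventName", "")).startswith(IAM_WRITE_PREFIXES)),
    ("security_group_change", "medium", lambda e: e.get("eventName") in SG_EVENTS),
    ("uncommon_region", "low", lambda e: e.get("awsRegion") not in EXPECTED_REGIONS),
]

def scan(raw: str) -> dict:
    """Parse a CloudTrail JSON document and group rule hits by severity."""
    findings = defaultdict(list)
    for event in json.loads(raw).get("Records", []):
        for name, severity, matches in RULES:
            if matches(event):  # one event may trigger several rules
                findings[severity].append({"rule": name,
                    "eventName": event.get("eventName"),
                    "eventTime": event.get("eventTime")})
    return {sev: findings.get(sev, []) for sev in ("high", "medium", "low")}

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE), indent=2))
```

`responseElements` is often `null` in CloudTrail records, which is why the predicates guard nested lookups with `or {}` instead of chaining `.get()` directly.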

Next

I want to add short investigation playbooks and more realistic event samples.