How does partition projection improve forensic queries?

Partition projection allows Athena to query S3 logs without the need for manual ALTER TABLE ADD PARTITION commands, significantly speeding up data discovery and reducing query latency during time-sensitive investigations.

Can I use this for proactive threat hunting?

Yes, the provided forensic SQL queries are designed to identify specific indicators of compromise such as port scanning, privilege escalation, and lateral movement patterns.

Which AWS log sources are supported by this skill?

This skill provides specialized support for AWS CloudTrail, VPC Flow Logs, S3 server access logs, and Application Load Balancer (ALB) access logs.

What permissions are required to use these queries?

You need IAM permissions to run Athena queries, access the AWS Glue Data Catalog, and read permissions for the S3 buckets where your AWS logs are stored.

AWS Cloud Log Forensics with Athena

Name: AWS Cloud Log Forensics with Athena
Author: micsapp

bymicsapp

0•

安全与测试

Streamlines AWS security incident response by providing optimized Athena queries and DDL configurations for deep log analysis.

This skill empowers security engineers and incident responders to perform high-speed forensic investigations across massive AWS log datasets. By leveraging Amazon Athena with partition projection, it automates the creation of schemas for CloudTrail, VPC Flow Logs, S3, and ALB logs. It provides a library of forensic-grade SQL queries designed to detect critical threats such as privilege escalation, lateral movement, data exfiltration, and unauthorized API calls, allowing teams to reconstruct security events and hunt for indicators of compromise without manual data management overhead.

主要功能

01Detection patterns for S3 data exfiltration and unauthorized access

020 GitHub stars

03Automated Athena DDL generation with high-performance partition projection

04Cross-source log correlation for comprehensive incident reconstruction

05Pre-configured forensic queries for CloudTrail and VPC Flow Logs

06Scalable log analysis architecture using AWS S3 and Glue

使用场景

01Threat hunting for lateral movement patterns across complex VPC environments

02Investigating suspicious AWS API activity and unauthorized login attempts

03Generating evidence-grade audit trails for compliance and legal proceedings

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-cloud-log-forensics-with-athena

For use in Claude.ai and ChatGPT

主要功能

01Detection patterns for S3 data exfiltration and unauthorized access

020 GitHub stars

03Automated Athena DDL generation with high-performance partition projection

04Cross-source log correlation for comprehensive incident reconstruction

05Pre-configured forensic queries for CloudTrail and VPC Flow Logs

06Scalable log analysis architecture using AWS S3 and Glue

使用场景

01Threat hunting for lateral movement patterns across complex VPC environments

02Investigating suspicious AWS API activity and unauthorized login attempts

03Generating evidence-grade audit trails for compliance and legal proceedings

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-cloud-log-forensics-with-athena

For use in Claude.ai and ChatGPT