218007301253_CloudTrail_us-east-1_20230710T1205Z_1dM7GQM67kudSyGD.json
{"Records":[{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T11:55:06Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_6a7ec681-49a5-4403-99a2-d3c1229e8063 HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"8184daf5-fe4c-4ae2-b2e1-fbc3c2a4f50d","eventID":"ff349c7b-e2a9-4cdc-ad74-4688add834d9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T11:55:15Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeRouteTables","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_6a7ec681-49a5-4403-99a2-d3c1229e8063 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"routeTableIdSet":{},"filterSet":{"items":[{"name":"association.route-table-association-id","valueSet":{"items":[{"value":"rtbassoc-0b911e98f29251a51"}]}}]}},"responseElements":null,"requestID":"b8b14706-00a4-491e-bf60-842dcafbaf2b","eventID":"6702cc3b-75db-4203-9ace-50500f5de138","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T11:56:54Z","eventSource":"ssm.amazonaws.com","eventName":"DescribeInstanceInformation","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_6a7ec681-49a5-4403-99a2-d3c1229e8063","requestParameters":{"filters":[{"key":"InstanceIds","values":["i-0dbc91f429e48eeed"]}]},"responseElements":null,"requestID":"a14ee920-0e4f-4ecd-8168-f97f8cd8e05f","eventID":"33e37f19-3758-4d9a-a895-21a2e9c65d2a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ssm.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T11:57:47Z","eventSource":"secretsmanager.amazonaws.com","eventName":"DescribeSecret","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 
(+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_561fe49b-e6b4-44da-a587-f2c718eb578a HashiCorp-terraform-exec/0.17.3","requestParameters":{"secretId":"arn:aws:secretsmanager:us-east-1:123837392027:secret:stratus-red-team-retrieve-secret-18-L0CnJd"},"responseElements":null,"requestID":"87706672-9205-4f27-a17a-754509444524","eventID":"eadf903a-75d1-445a-a067-774d6f1ade1b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.3","cipherSuite":"TLS_AES_128_GCM_SHA256","clientProvidedHostHeader":"secretsmanager.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T11:57:47Z","eventSource":"secretsmanager.amazonaws.com","eventName":"DescribeSecret","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_561fe49b-e6b4-44da-a587-f2c718eb578a 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"secretId":"arn:aws:secretsmanager:us-east-1:123837392027:secret:stratus-red-team-retrieve-secret-17-QaRzei"},"responseElements":null,"requestID":"1d9e1512-deb2-4190-9d5c-7317618ee0f6","eventID":"8a058bf4-650a-4853-9279-c97949d35777","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.3","cipherSuite":"TLS_AES_128_GCM_SHA256","clientProvidedHostHeader":"secretsmanager.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T11:57:49Z","eventSource":"secretsmanager.amazonaws.com","eventName":"PutSecretValue","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_561fe49b-e6b4-44da-a587-f2c718eb578a 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"secretId":"arn:aws:secretsmanager:us-east-1:123837392027:secret:stratus-red-team-retrieve-secret-1-ywtiPr","clientRequestToken":"E3760F40-AC29-481B-BDAA-811F9C5DD522"},"responseElements":{"arn":"arn:aws:secretsmanager:us-east-1:123837392027:secret:stratus-red-team-retrieve-secret-1-ywtiPr"},"requestID":"3c722304-5b2b-49e5-99ff-71c898869d2d","eventID":"3b1a9f0b-1e1d-4f80-b4dd-f759f54a7faf","readOnly":false,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.3","cipherSuite":"TLS_AES_128_GCM_SHA256","clientProvidedHostHeader":"secretsmanager.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSC4EYJSF6N","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T11:57:49Z","mfaAuthenticated":"false"}},"invokedBy":"secretsmanager.amazonaws.com"},"eventTime":"2023-07-10T11:57:53Z","eventSource":"kms.amazonaws.com","eventName":"Decrypt","awsRegion":"us-east-1","sourceIPAddress":"secretsmanager.amazonaws.com","userAgent":"secretsmanager.amazonaws.com","requestParameters":{"encryptionContext":{"SecretARN":"arn:aws:secretsmanager:us-east-1:123837392027:secret:stratus-red-team-retrieve-secret-13-nFvpuv","SecretVersionId":"77D1F684-1D98-4499-B105-05294E4B3115"},"encryptionAlgorithm":"SYMMETRIC_DEFAULT"},"responseElements":null,"requestID":"67ba58e7-f537-49da-a14b-32b350427bc8","eventID":"c5fcc777-485b-4414-bebe-f7c49172b598","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::KMS::Key","ARN":"arn:aws:kms:us-east-1:123837392027:key/dad21b23-9915-42bd-981b-2a9f3c8f20c8"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-0d9859
40f92611b87","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T11:58:10Z","eventSource":"ssm.amazonaws.com","eventName":"GetParameter","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_11a6ef34-e130-4579-a1d3-79c915cee6ec HashiCorp-terraform-exec/0.17.3","requestParameters":{"name":"/credentials/stratus-red-team/credentials-22","withDecryption":true},"responseElements":null,"requestID":"dc95f070-0cbe-4f1a-a29c-2f80ab47ca6e","eventID":"25812ee9-136d-47dc-8848-22b9ca8fd5b7","readOnly":true,"resources":[{"accountId":"123837392027","ARN":"arn:aws:ssm:us-east-1:123837392027:parameter/credentials/stratus-red-team/credentials-22"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ssm.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T11:58:10Z","eventSource":"ssm.amazonaws.com","eventName":"GetParameter","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) 
stratus-red-team_11a6ef34-e130-4579-a1d3-79c915cee6ec HashiCorp-terraform-exec/0.17.3","requestParameters":{"name":"/credentials/stratus-red-team/credentials-40","withDecryption":true},"responseElements":null,"requestID":"a4bba9b0-d9da-49b7-b98b-a7e485ba946b","eventID":"c8c4cf22-3bc8-42da-8b48-73633d713062","readOnly":true,"resources":[{"accountId":"123837392027","ARN":"arn:aws:ssm:us-east-1:123837392027:parameter/credentials/stratus-red-team/credentials-40"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ssm.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCY3B4ATOG","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T11:58:10Z","mfaAuthenticated":"false"}},"invokedBy":"AWS Internal"},"eventTime":"2023-07-10T11:58:17Z","eventSource":"kms.amazonaws.com","eventName":"Encrypt","awsRegion":"us-east-1","sourceIPAddress":"AWS Internal","userAgent":"AWS 
Internal","requestParameters":{"encryptionAlgorithm":"SYMMETRIC_DEFAULT","keyId":"alias/aws/ssm","encryptionContext":{"PARAMETER_ARN":"arn:aws:ssm:us-east-1:123837392027:parameter/credentials/stratus-red-team/credentials-36"}},"responseElements":null,"requestID":"2bf3ecc6-8f4b-43d7-b8bd-da5c7b6f9e17","eventID":"8003b0a1-db2b-41b9-85b5-e12cb9972fb2","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::KMS::Key","ARN":"arn:aws:kms:us-east-1:123837392027:key/0e5d0ab6-097e-49d8-99ef-747ce3e5f8f4"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T11:59:59Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketPolicy","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_1d949e3e-4092-4c96-a6ef-96a967510a46 
HashiCorp-terraform-exec/0.17.3]","requestParameters":{"bucketName":"stratus-red-team-ctes-bucket-qyxyekjbtk","Host":"stratus-red-team-ctes-bucket-qyxyekjbtk.s3.amazonaws.com","policy":""},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"BuO1En2ch4f0faM/b3MqgCCiCAEQ8o2JDtDsVAQeSxd/4jYFo1M5zkrqWw1reKfldnht2EnqFLJtUhpNUfduTw==","bytesTransferredOut":494},"requestID":"AGHCJPQ0A7J495KV","eventID":"da460e7d-512a-4a38-b22e-37f8b4b5a4cf","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-ctes-bucket-qyxyekjbtk"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-ctes-bucket-qyxyekjbtk.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:00:02Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketLifecycle","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_1d949e3e-4092-4c96-a6ef-96a967510a46 HashiCorp-terraform-exec/0.17.3]","errorCode":"NoSuchLifecycleConfiguration","errorMessage":"The lifecycle configuration does not 
exist","requestParameters":{"lifecycle":"","bucketName":"stratus-red-team-ctes-bucket-qyxyekjbtk","Host":"stratus-red-team-ctes-bucket-qyxyekjbtk.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"CTiNTOXxtLbBJFQ9ITNWSQPJrkE19NKVi1pT2uzI1Sodn7DL9UnobYxm6kbkbT4+uKxhu3a6MoM=","bytesTransferredOut":313},"requestID":"6T7WWC4P2D4GPWQN","eventID":"0aba48a0-49f4-4bbd-ab3f-6c75c8efb1ce","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-ctes-bucket-qyxyekjbtk"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-ctes-bucket-qyxyekjbtk.s3.amazonaws.com"}},{"eventVersion":"1.09","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:00:07Z","eventSource":"cloudtrail.amazonaws.com","eventName":"GetEventSelectors","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_1d949e3e-4092-4c96-a6ef-96a967510a46 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"trailName":"stratus-red-team-ctes-trail-qyxyekjbtk"},"responseElements":null,"requestID":"0182d1a5-db27-4156-a1b8-64a482bf9684","eventID":"c289d324-db2c-45c2-97a5-93840c84fed2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"cloudtrail.us-east-1.amazonaws.com"}}]}