218007301253_CloudTrail_us-east-1_20230710T1210Z_bXGZYqBeCCsqWq1U.json
{"Records":[{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:01:59Z","eventSource":"sts.amazonaws.com","eventName":"AssumeRole","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_7d2a6913-ded3-49c6-a31c-0cdeebcc259c","errorCode":"AccessDenied","errorMessage":"User: arn:aws:iam::123837392027:user/bert-jan is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::123837392027:role/stratus-red-team-leave-org-role","requestParameters":null,"responseElements":null,"requestID":"8d733f8f-bb44-4e71-9f77-b4be4659b40e","eventID":"c1432796-7033-4913-ad4d-3052644bcfba","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"sts.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:03:17Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeSubnets","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_3a63b39c-6bcc-408c-a49e-7dfd92c3ef20 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"subnetSet":{"items":[{"subnetId":"subnet-0afaf7ba0564cac3a"}]},"filterSet":{}},"responseElements":null,"requestID":"8c16c79c-12cb-402b-bb9d-fbbbaa9366f7","eventID":"c61aa054-4166-4e0f-aa90-a3b3a23883e7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:03:18Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeRouteTables","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_3a63b39c-6bcc-408c-a49e-7dfd92c3ef20 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"routeTableIdSet":{},"filterSet":{"items":[{"name":"association.route-table-association-id","valueSet":{"items":[{"value":"rtbassoc-0239fd3312c79a700"}]}}]}},"responseElements":null,"requestID":"9b6e2717-3164-49ee-9880-ad00f3535c3d","eventID":"e3eed960-1137-4a8b-92c5-6d337b958605","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:03:18Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeRouteTables","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_3a63b39c-6bcc-408c-a49e-7dfd92c3ef20 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"routeTableIdSet":{},"filterSet":{"items":[{"name":"association.route-table-association-id","valueSet":{"items":[{"value":"rtbassoc-06c42ea03f0967f18"}]}}]}},"responseElements":null,"requestID":"e512dfec-6de2-4ca4-8aa8-2d3ec1da5cfd","eventID":"40e7f706-04ec-473e-8f16-1779688504b9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"AssumedRole","principalId":"AROATFQR7NSCQNEXZHIOB:i-05c30218156bcc246","arn":"arn:aws:sts::123837392027:assumed-role/stratus-red-team-ec2-enumerate-role/i-05c30218156bcc246","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCWFKWOWVD","sessionContext":{"sessionIssuer":{"type":"Role","principalId":"AROATFQR7NSCQNEXZHIOB","arn":"arn:aws:iam::123837392027:role/stratus-red-team-ec2-enumerate-role","accountId":"123837392027","userName":"stratus-red-team-ec2-enumerate-role"},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T12:03:25Z","mfaAuthenticated":"false"},"ec2RoleDelivery":"2.0"}},"eventTime":"2023-07-10T12:05:31Z","eventSource":"ssm.amazonaws.com","eventName":"UpdateInstanceAssociationStatus","awsRegion":"us-east-1","sourceIPAddress":"52.45.102.28","userAgent":"aws-sdk-go/1.41.4 (go1.18.3; linux; amd64) amazon-ssm-agent/","requestParameters":{"associationId":"56fcb26d-8140-4f3f-8f77-7ff7344b4057","instanceId":"i-05c30218156bcc246","executionResult":{"executionDate":"Jul 10, 2023, 12:05:31 PM","status":"InProgress","executionSummary":"Executing 
association","errorCode":""}},"responseElements":null,"requestID":"1f0109d1-fd73-4325-a2db-71353a1b7225","eventID":"a1f3986f-db52-4d26-9887-6cc08ec94048","readOnly":false,"resources":[{"accountId":"123837392027","ARN":"arn:aws:ssm:us-east-1:123837392027:association/56fcb26d-8140-4f3f-8f77-7ff7344b4057"},{"accountId":"123837392027","ARN":"arn:aws:ec2:us-east-1:123837392027:instance/i-05c30218156bcc246"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ssm.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:06:32Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/4.67.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.18.0 os/linux lang/go/1.19.8 md/GOOS/linux md/GOARCH/amd64 api/iam/1.19.12 stratus-red-team_bc31c885-5ea0-4a6e-8bec-b6b10058bc44 HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"66d2a0d8-e020-4d6a-803a-9b03f0dcc9fe","eventID":"c26fdb1f-a467-426b-b366-cb3adcdb313a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}}]}