CloudTrail

CloudTrail taxonomy generated by the site skill importer.

5 skills
detecting-s3-data-exfiltration-attempts

by mukul975

detecting-s3-data-exfiltration-attempts helps investigate possible AWS S3 data theft by correlating CloudTrail S3 data events, GuardDuty findings, Amazon Macie alerts, and S3 access patterns. Use this detecting-s3-data-exfiltration-attempts skill for Security Audit, incident response, and suspicious bulk-download analysis.

Security Audit
Favorites 0, GitHub 6.2k
analyzing-cloud-storage-access-patterns

by mukul975

analyzing-cloud-storage-access-patterns helps security teams detect suspicious cloud storage access in AWS S3, GCS, and Azure Blob Storage. It analyzes audit logs for bulk downloads, new source IPs, unusual API calls, bucket enumeration, after-hours access, and possible exfiltration using baseline and anomaly checks.

Security Audit
Favorites 0, GitHub 6.1k
detecting-compromised-cloud-credentials

by mukul975

detecting-compromised-cloud-credentials is a cloud security skill for AWS, Azure, and GCP that helps confirm credential abuse, trace anomalous API activity, investigate impossible travel and suspicious logins, and scope incident impact with provider telemetry and alerts.

Security Audit
Favorites 0, GitHub 0
detecting-aws-cloudtrail-anomalies

by mukul975

detecting-aws-cloudtrail-anomalies helps analyze AWS CloudTrail activity for unusual API sources, first-time actions, high-frequency calls, and suspicious behavior tied to credential compromise or privilege escalation. Use it for structured anomaly detection with boto3, baselining, and event-field analysis.

Anomaly Detection
Favorites 0, GitHub 0
aws-cost-operations

by zxkane

aws-cost-operations is an AWS cost and operations skill for estimating costs, reviewing bills, monitoring CloudWatch, checking CloudTrail, and guiding operational decisions. It is well suited for Finance, FinOps, platform teams, and operators who need verified AWS facts and decision-ready output.

Finance
Favorites 0, GitHub 0