Cloudwatch

analyzing-azure-activity-logs-for-threats skill for querying Azure Monitor activity logs and sign-in logs to spot suspicious admin actions, impossible travel, privilege escalation, and resource tampering. Built for incident triage with KQL patterns, an execution path, and practical Azure log table guidance.

analyzing-api-gateway-access-logs helps parse API Gateway access logs to detect BOLA/IDOR, rate-limit bypass, credential scanning, and injection attempts. Built for SOC triage, threat hunting, and Security Audit workflows across AWS API Gateway, Kong, and Nginx-style logs using pandas-based analysis.

detecting-cryptomining-in-cloud helps security teams detect unauthorized cryptomining in cloud workloads by correlating cost spikes, mining-port traffic, GuardDuty crypto findings, and runtime process evidence. Use it for triage, detection engineering, and detecting-cryptomining-in-cloud for Security Audit workflows.

aws-cost-operations is an AWS cost and operations skill for estimating costs, reviewing bills, monitoring CloudWatch, checking CloudTrail, and guiding operational decisions. It is well suited for Finance, FinOps, platform teams, and operators who need verified AWS facts and decision-ready output.