Submitted by Style Pass, 2024-04-23 23:30:12

Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. CloudTrail logs) and mapping them to the original user input actions in the management console UI for simplified analysis and explainability. This is extremely beneficial for defenders, since a single interactive click by the end user in a management console session can generate tens and even many hundreds of events.

An additional capability that Cloud Console Cartographer provides defenders is the parsing of relevant data from all events related to each mapping. For example, when a user clicks on IAM->Users in the AWS Management Console and 100+ events are generated, this framework parses these logs and extracts all IAM users and long-lived access keys that were active at the time the logs were generated. This gives point-in-time context of the environment and increased visibility into what the user was seeing in the UI at the time of their activity.
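The following is an added, simplified illustration of the two ideas above (collapsing a burst of console-generated events into one labelled action and pulling entities out of the events' request parameters); it is not Cloud Console Cartographer's own code. The sample records are constructed, and the five-second idle gap and the `ListUsers` plus `ListAccessKeys` signature are assumptions chosen for the example.

```python
from datetime import datetime, timedelta

# Constructed, heavily trimmed CloudTrail records (not real logs).
def _ev(t, name, params=None, key="ASIAEXAMPLESESSION01"):
    return {"eventTime": t, "eventSource": "iam.amazonaws.com", "eventName": name,
            "sessionCredentialFromConsole": "true",
            "userIdentity": {"accessKeyId": key}, "requestParameters": params}

SAMPLE = [
    _ev("2024-04-18T09:00:00Z", "ListUsers"),
    _ev("2024-04-18T09:00:01Z", "ListAccessKeys", {"userName": "alice"}),
    _ev("2024-04-18T09:00:01Z", "GetAccessKeyLastUsed", {"accessKeyId": "AKIAEXAMPLEALICE0001"}),
    _ev("2024-04-18T09:00:01Z", "ListMFADevices", {"userName": "alice"}),
    _ev("2024-04-18T09:00:02Z", "ListAccessKeys", {"userName": "bob"}),
    _ev("2024-04-18T09:00:02Z", "ListMFADevices", {"userName": "bob"}),
    _ev("2024-04-18T09:05:30Z", "GetUser", {"userName": "alice"}),
]

def _ts(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def group_bursts(events, gap=timedelta(seconds=5)):
    """Split console events into bursts per session key, breaking on idle gaps."""
    bursts, last = [], {}
    console = [e for e in events if e.get("sessionCredentialFromConsole") == "true"]
    for e in sorted(console, key=_ts):
        key = e["userIdentity"]["accessKeyId"]
        prev = last.get(key)
        if prev is None or _ts(e) - _ts(prev[-1]) > gap:
            prev = []
            bursts.append(prev)
            last[key] = prev
        prev.append(e)
    return bursts

def summarize(burst):
    """Label one burst and pull out the entities its request parameters reveal."""
    names = {e["eventName"] for e in burst}
    params = [e["requestParameters"] or {} for e in burst]
    # Hypothetical signature: the list call plus per-user follow-up lookups.
    clicked = {"ListUsers", "ListAccessKeys"} <= names
    return {
        "action": "Clicked IAM->Users" if clicked else "Unmapped",
        "events": len(burst),
        "users": sorted({p["userName"] for p in params if "userName" in p}),
        "access_keys": sorted({p["accessKeyId"] for p in params if "accessKeyId" in p}),
    }

def analyze(events):
    return [summarize(b) for b in group_bursts(events)]
```

Calling `analyze(SAMPLE)` yields one summary per burst, so the six events from the first second-long flurry collapse into a single "Clicked IAM->Users" row carrying the users and access key seen in that view.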

This tool offers a CLI (Command Line Interface) for processing cloud logs and simple display of results on the command line. More interactive analysis is better served using the Python UI Visualizer. Let's review its most common use cases:
