What changes were made in environment, SG or VPC in last time period {}? 
Find all changes in the last 24 hours:
Find * with _beginOn > date.now - 24 hours
Changes in the last 24 hours related to a particular VPC:
Find * with _beginOn > date.now - 24 hours that relates to aws_vpc with vpcId='{vpcId}' or name='{vpcName}'
Resources with a certain tag that change in the last 24 hours:
Find * with _beginOn > date.now - 24 hours and (tag.Environment = '{tagValue}' or tag.Project = '{tagValue}')
What changes were made by person with access type {}?
This will be captured when we start processing cloudtrail events.
What changes were made by automated tools?
This will be captured when we start processing cloudtrail events.
What changes were made with interactive sessions?
This will be captured when we start processing cloudtrail events.
Which developer(s) most likely introduced vulnerabilities in recent code changes?
Requires integrations with Github or Bitbucket, and code scanning solutions like Veracode or WhiteHat.
Find User that OPENED PR with createdOn > date.now-7days that RELATES TO CodeRepo that HAS (Vulernability|Finding) with _createdOn > date.now-7days return tree
Comments
0 comments
Please sign in to leave a comment.