Skip to content

Instantly share code, notes, and snippets.

@jonathanhle

jonathanhle/cloudtrail_athena

Created October 11, 2018 21:04
Show Gist options
  • Save jonathanhle/1ab64f60b12dec92ddb9bea874163ad6 to your computer and use it in GitHub Desktop.
Save jonathanhle/1ab64f60b12dec92ddb9bea874163ad6 to your computer and use it in GitHub Desktop.
Download ZIP
cloudtrail athena search for console login failures
Raw
cloudtrail_athena
select useridentity.username, sourceipaddress, eventtime, json_extract_scalar(responseElements, '$.ConsoleLogin') as ConsoleLogin
from default.cloudtrail_logs_blah_athena_table
where eventname = 'ConsoleLogin' and json_extract_scalar(responseElements, '$.ConsoleLogin') = 'Failure'
LIMIT 1000;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment