Detecting AWS CloudTrail Anomalies

Overview

AWS CloudTrail records API calls across AWS services. This skill covers querying CloudTrail events with boto3's API, building statistical baselines of normal API activity, and detecting anomalies such as unusual event sources, geographic anomalies, high-frequency API calls, and first-time API usage patterns that indicate compromised credentials or insider threats.

When to Use

- When investigating security incidents that require detecting AWS CloudTrail anomalies
- When building detection rules or threat hunting queries for this domain
- When SOC analyst…
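
The baseline-and-compare approach described in the Overview, as an added example that is not part of the original page: it builds a per-principal baseline and flags unusual event sources, first-time API usage and high-frequency hours. The function names, the z-score threshold and all records are constructed for illustration (records use CloudTrail record field names); geographic anomalies are left out because they need an external geo-IP source.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

def rec(arn, ts, source, name):
    """Constructed record using CloudTrail record field names."""
    return {"userIdentity": {"arn": arn}, "eventTime": ts,
            "eventSource": source, "eventName": name}

def build_baseline(records):
    """Per principal: APIs seen, event sources seen, calls per active hour."""
    base = defaultdict(lambda: {"apis": set(), "sources": set(), "hourly": Counter()})
    for r in records:
        b = base[r["userIdentity"]["arn"]]
        b["apis"].add((r["eventSource"], r["eventName"]))
        b["sources"].add(r["eventSource"])
        b["hourly"][r["eventTime"][:13]] += 1  # bucket key: YYYY-MM-DDTHH
    return dict(base)

def detect(baseline, records, z_threshold=3.0):
    """Return a set of (kind, principal, detail) findings for a new window."""
    findings, hourly = set(), defaultdict(Counter)
    for r in records:
        arn, api = r["userIdentity"]["arn"], (r["eventSource"], r["eventName"])
        hourly[arn][r["eventTime"][:13]] += 1
        b = baseline.get(arn)
        if b is None:
            findings.add(("new_principal", arn, ""))
        elif api[0] not in b["sources"]:
            findings.add(("unusual_event_source", arn, ":".join(api)))
        elif api not in b["apis"]:
            findings.add(("first_time_api", arn, ":".join(api)))
    for arn in hourly.keys() & baseline.keys():  # rate check needs history
        counts = list(baseline[arn]["hourly"].values())
        mu, sigma = mean(counts), pstdev(counts) or 1.0  # floor avoids divide-by-zero
        for hour, n in hourly[arn].items():
            if (n - mu) / sigma > z_threshold:
                findings.add(("high_frequency", arn, f"{hour} n={n}"))
    return findings

# Constructed sample data; the ARN uses the AWS documentation account ID.
ALICE = "arn:aws:iam::123456789012:user/alice"
HISTORY = [rec(ALICE, f"2024-05-01T{h:02d}:{m:02d}:00Z", "ec2.amazonaws.com", "DescribeInstances")
           for h in range(9, 17) for m in range(0, 3 if h % 2 else 2)]
HISTORY.append(rec(ALICE, "2024-05-01T10:30:00Z", "s3.amazonaws.com", "ListBuckets"))
WINDOW = ([rec(ALICE, f"2024-05-02T03:{m:02d}:00Z", "ec2.amazonaws.com", "DescribeInstances") for m in range(40)]
          + [rec(ALICE, "2024-05-02T03:41:00Z", "ec2.amazonaws.com", "RunInstances"),
             rec(ALICE, "2024-05-02T03:42:00Z", "iam.amazonaws.com", "CreateAccessKey")])
if __name__ == "__main__":
    print(sorted(detect(build_baseline(HISTORY), WINDOW)))
```

The baseline counts only hours in which the principal was active, so the rate check compares against typical busy-hour volume rather than an average diluted by idle hours.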