I have connected successfully AWS Cloudwatch Logs and it is showing under Threat Management-Workgroups in Sentinel now. So i would like some help as to what kind of query i can run in sentinel to retrieve any security threats in my AWS environment.
My AWS Environment is running just 1 EC2 instance.
Also, in Workbooks it shows :
1) AWS Network Activities
2) AWS User Activities
Are these the only two activities which Sentinel shows for AWS Cloudwatch or there can be many more.