Being able to enumerate the monitoring options in place via enum_monitoring.py is great (once it covers the full set), but intelligent analysis of it is also going to be really important. There are some complicated (and not) setups that are highly secure, or at least have specific nuances worthy of care that the user should be aware of, but that only really come out of being able to detect and analyze the logging and monitoring environment.
This is definitely a later-stage kind of thing, but the ability to automatically enumerate these things and infer these insights will enable all sorts of cool stuff, because we'll have specific resource names we can now throw into other bulk/blind enumeration for more targeted enumeration on resource, and for action.
Things like:
CloudTrail is logging to an in-account bucket, but there's an escalation path to getting delete access to that bucket.
The bucket has notifications turned on for any deletes, and there's no way to disable that. Deleting CloudTrail objects will clean the history, but alert someone/something; use as a last resort.
or
CloudTrail is logging to an out-of-account bucket, and there's no way to sanitize logs.
This is a great time for flashing red warnings to the user saying use caution, your actions are logged durably and we don't know what analysis they're doing on them.
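The three postures sketched above (out-of-account bucket, in-account bucket with delete notifications, in-account bucket without them), as an added defender-side audit check for your own account's trails. This is example code, not part of enum_monitoring.py or the project; it assumes the response shapes of DescribeTrails, ListBuckets (which lists only buckets the caller owns) and GetBucketNotificationConfiguration, and all sample records are constructed.

```python
from dataclasses import dataclass

DURABLE_EXTERNAL = "durable-external"  # logs leave the account; cannot be sanitized from inside
DURABLE_ALERTED = "durable-alerted"    # in-account bucket, but deletes raise a notification
UNPROTECTED = "unprotected"            # in-account bucket, deletable without any alert


@dataclass(frozen=True)
class TrailAssessment:
    trail: str
    bucket: str
    in_account: bool
    delete_alerting: bool
    posture: str


def watches_deletes(notification_config):
    """True if any S3 notification target subscribes to an ObjectRemoved event.

    `notification_config` has the shape of a GetBucketNotificationConfiguration response.
    """
    targets = ("TopicConfigurations", "QueueConfigurations", "LambdaFunctionConfigurations")
    return any(
        event.startswith("s3:ObjectRemoved")
        for key in targets
        for cfg in notification_config.get(key, [])
        for event in cfg.get("Events", [])
    )


def assess_trail(trail, owned_buckets, notification_config):
    """Rate one DescribeTrails record; `owned_buckets` is the caller's ListBuckets name set."""
    bucket = trail["S3BucketName"]
    in_account = bucket in owned_buckets
    alerting = in_account and watches_deletes(notification_config)
    if not in_account:
        posture = DURABLE_EXTERNAL
    elif alerting:
        posture = DURABLE_ALERTED
    else:
        posture = UNPROTECTED
    return TrailAssessment(trail["Name"], bucket, in_account, alerting, posture)

# Constructed sample data (not captured from any real account).
OWNED_BUCKETS = {"acme-cloudtrail-logs", "acme-app-assets"}
SAMPLE_TRAILS = [
    {"Name": "mgmt-trail", "S3BucketName": "acme-cloudtrail-logs"},
    {"Name": "org-trail", "S3BucketName": "secops-central-trail-archive"},
    {"Name": "legacy-trail", "S3BucketName": "acme-app-assets"},
]
SAMPLE_NOTIFICATIONS = {  # only readable for buckets we own; others default to {}
    "acme-cloudtrail-logs": {"TopicConfigurations": [{"Events": ["s3:ObjectRemoved:*"]}]},
}

def assess_samples():
    return {t["Name"]: assess_trail(t, OWNED_BUCKETS, SAMPLE_NOTIFICATIONS.get(t["S3BucketName"], {})).posture
            for t in SAMPLE_TRAILS}
```

Any trail rated `unprotected` is the one to fix first: move delivery to a bucket in a separate logging account, or at least wire ObjectRemoved notifications to an alerting target.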