AMBERSQUID IR playbook.
Generated by your last run. MayaTrail synthesized this playbook from the CloudTrail events of run RUN-2F4A · 2026-04-26. Preparation, identification triggers (P0-P3), AWS CLI investigation queries, containment, eradication, recovery, and lessons learned. Tabletop-ready.
This is one of three deliverables.
Every MayaTrail run ships a detection bundle (Sigma rules), an IR playbook (this), and a signed CloudTrail evidence package.
Drop them into your detection repo, runbook wiki, and audit folder.