From CloudTrail Chaos to Clear Answers with `pgcli` and Runbooks

The logs don’t lie. Every API call. Every login. Every change. CloudTrail keeps it all. But finding what matters can feel like walking through mud. That’s where pgcli changes the game.

When you put CloudTrail into Postgres and query with pgcli, you get speed, clarity, and precision. You stop guessing. You stop scrolling. You ask a question, and the answer hits you in real time. No clicking through screens. No waiting on filters to load.

A runbook makes this even sharper. The same queries. The same steps. Every time. A repeatable way to investigate security incidents, trace changes, and confirm compliance. Runbooks take the chaos out of analysis.

Here’s what it looks like in practice:

  • Load CloudTrail logs into Postgres.
  • Fire up pgcli for auto-complete and syntax highlighting.
  • Run pre-built SQL queries from your runbook to track actions, user behavior, and system changes.
  • Save outputs, pass them to your team, close the loop.

Investigating suspicious logins? You run the login-audit query.
Tracking changes to IAM policies? You hit the IAM-change query.
Checking API call spikes by region? You use the region-trends query.
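
The three runbook queries named above, sketched as an added example (not code from the original post or from hoop.dev). The table name `cloudtrail_events`, its columns, the time windows and the thresholds are assumptions; the JSON paths follow the standard CloudTrail record fields.

```sql
-- Added example: table name, columns and thresholds are assumptions.
CREATE TABLE IF NOT EXISTS cloudtrail_events (
    event_id     text PRIMARY KEY,      -- eventID (dedupes re-delivered records)
    event_time   timestamptz NOT NULL,  -- eventTime
    event_source text NOT NULL,         -- eventSource
    event_name   text NOT NULL,         -- eventName
    aws_region   text,                  -- awsRegion
    source_ip    text,                  -- sourceIPAddress (can be a service name)
    user_arn     text,                  -- userIdentity.arn
    raw          jsonb NOT NULL         -- full CloudTrail record
);
-- login-audit: per source IP over 24h, failed console logins and MFA-less successes.
SELECT * FROM (
    SELECT source_ip,
           count(*) FILTER (WHERE raw #>> '{responseElements,ConsoleLogin}' = 'Failure') AS failures,
           count(*) FILTER (WHERE raw #>> '{responseElements,ConsoleLogin}' = 'Success'
                              AND raw #>> '{additionalEventData,MFAUsed}' = 'No') AS success_no_mfa
    FROM cloudtrail_events
    WHERE event_name = 'ConsoleLogin' AND event_time >= now() - interval '24 hours'
    GROUP BY source_ip
) AS s WHERE failures >= 5 OR success_no_mfa > 0
ORDER BY failures DESC, success_no_mfa DESC;
-- IAM-change: policy edits over 7 days, newest first, with actor and origin.
SELECT event_time, user_arn, source_ip, event_name,
       coalesce(raw #>> '{requestParameters,policyArn}',
                raw #>> '{requestParameters,policyName}') AS policy,
       raw ->> 'errorCode' AS error_code  -- non-null: the call was denied or failed
FROM cloudtrail_events
WHERE event_source = 'iam.amazonaws.com'
  AND (event_name ~ '^(Put|Attach|Detach|Delete)(User|Role|Group)Policy$'
       OR event_name IN ('CreatePolicy', 'CreatePolicyVersion', 'DeletePolicy',
                         'DeletePolicyVersion', 'SetDefaultPolicyVersion'))
  AND event_time >= now() - interval '7 days'
ORDER BY event_time DESC;
-- region-trends: last-day hours above 3x the region's prior average, or a newly seen region.
WITH hourly AS (
    SELECT aws_region, date_trunc('hour', event_time) AS hour, count(*) AS calls
    FROM cloudtrail_events
    WHERE event_time >= now() - interval '3 days'
    GROUP BY aws_region, date_trunc('hour', event_time)
), scored AS (
    SELECT *, avg(calls) OVER (PARTITION BY aws_region ORDER BY hour
                               ROWS BETWEEN 24 PRECEDING AND 1 PRECEDING) AS baseline
    FROM hourly
)
SELECT aws_region, hour, calls, round(baseline, 1) AS baseline
FROM scored WHERE hour >= now() - interval '24 hours'
  AND (baseline IS NULL OR calls > 3 * baseline)
ORDER BY hour DESC, calls DESC;
```

pgcli's named queries (`\ns name query` to save, `\n name` to run) are one way to keep these under the runbook's query names.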

The magic is in combining simple SQL patterns with a battle-tested process. That turns CloudTrail from raw data into a living system you can question — and trust the answers.

You get fewer false alarms. You spot the patterns. You shrink detection time from hours to minutes. And when things break, you know where to look first.

The fastest way to prove it is to see it live. Hoop.dev lets you run pgcli CloudTrail query runbooks in minutes. No setup grind. No waiting on infrastructure. Load your data, launch the terminal, and get to the truth faster.

Go from messy logs to clear answers. See it run for real today at hoop.dev.
