Product
Detects the initial export of an AWS DynamoDB table to S3, potentially indicating reconnaissance or exfiltration by a compromised account or insider threat.