AWS CloudTrail SES Enumeration

Panther Rules

Summary
The AWS CloudTrail SES Enumeration rule detects enumeration activity targeting AWS Simple Email Service (SES) accounts. It analyzes events logged in AWS CloudTrail over a specified lookback window, looking for checks of SES sending capabilities and identity verifications: whether sending is enabled for SES, what the send quota is, which identities are associated with the account, and what their verification statuses are. These checks occur in specific AWS regions as defined in the match criteria, which allows detection of potential unauthorized enumeration attempts by an actor gathering information about the SES setup of the target account. Alerts raised by other rules are combined in the correlation process, which results in an aggregated signal of possible reconnaissance activity targeting AWS SES configurations.
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Service
  • Application Log
ATT&CK Techniques
  • T1580
Created: 2025-01-31
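
The correlation described in the summary can be sketched as follows. This is an added example, not the Panther rule's source. It assumes the four checks map to the SES API event names shown, that events are grouped by caller ARN and region, and that the lookback is 60 minutes. The function names and sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed mapping of the summary's four checks to SES API event names;
# the page itself does not list them.
SES_RECON_CALLS = {"GetAccountSendingEnabled", "GetSendQuota",
                   "ListIdentities", "GetIdentityVerificationAttributes"}

def find_ses_enumeration(events, lookback_minutes=60):
    """Return sorted (ARN, region) pairs that made all four calls in one window."""
    lookback = timedelta(minutes=lookback_minutes)
    by_actor = {}
    for e in events:
        if (e.get("eventSource") != "ses.amazonaws.com"
                or e.get("eventName") not in SES_RECON_CALLS):
            continue
        when = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        key = (e["userIdentity"]["arn"], e["awsRegion"])
        by_actor.setdefault(key, []).append((when, e["eventName"]))
    hits = []
    for key, calls in by_actor.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            # Shrink the window until it spans no more than the lookback.
            while calls[end][0] - calls[start][0] > lookback:
                start += 1
            if {name for _, name in calls[start:end + 1]} == SES_RECON_CALLS:
                hits.append(key)
                break
    return sorted(hits)

def make_event(time, name, arn, region="us-east-1"):
    return {"eventTime": time, "eventSource": "ses.amazonaws.com",
            "eventName": name, "awsRegion": region, "userIdentity": {"arn": arn}}

# Constructed sample events (account ID and user names are made up).
FAST = "arn:aws:iam::111122223333:user/example-fast"
SLOW = "arn:aws:iam::111122223333:user/example-slow"
PART = "arn:aws:iam::111122223333:user/example-partial"
SAMPLE_EVENTS = [
    make_event("2025-01-31T10:00:05Z", "GetAccountSendingEnabled", FAST),
    make_event("2025-01-31T10:00:09Z", "GetSendQuota", FAST),
    make_event("2025-01-31T10:00:14Z", "ListIdentities", FAST),
    make_event("2025-01-31T10:00:20Z", "GetIdentityVerificationAttributes", FAST),
    make_event("2025-01-31T08:00:00Z", "GetAccountSendingEnabled", SLOW),
    make_event("2025-01-31T09:30:00Z", "GetSendQuota", SLOW),
    make_event("2025-01-31T11:00:00Z", "ListIdentities", SLOW),
    make_event("2025-01-31T12:30:00Z", "GetIdentityVerificationAttributes", SLOW),
    make_event("2025-01-31T10:05:00Z", "GetSendQuota", PART),
]
```

With the default window only the caller that made all four calls in quick succession is returned. Widening the lookback also surfaces the caller whose calls were spread over several hours, which shows how the window length trades noise against coverage of slow reconnaissance.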