
CloudGrappler: Open-source tool detects activity in cloud environments
2024-03-11 05:30

CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments.

The tool, built on the foundation of Cado Security's cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and procedures of modern cloud threat actors like LUCR-3.

CloudGrappler queries for high-fidelity activities of threat actors in the cloud.

This tool can identify and scrutinize individual log events, providing a perspective on potential security incidents in real-time or retrospectively within AWS and Azure environments.

Through another JSON file, users can leverage a list of predefined TTPs commonly used by cloud threat actors.
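To make the detection model concrete, here is an added example (not CloudGrappler's or cloudgrep's own code, and not their query file format) of the same idea: a list of predefined TTPs expressed as a JSON file of named queries, each a set of field/regex conditions, run over CloudTrail-style log events line by line. The query names, field paths and the log events are constructed for this example.

```python
import json
import re
from typing import Any, Dict, List, Optional

# Constructed query list in the spirit of a predefined-TTP file: each entry
# names the behaviour it looks for and lists field/regex conditions that must
# all hold for a single event. Names and patterns are assumptions for this
# example, not CloudGrappler's shipped ruleset or its file format.
QUERIES_JSON = """
[
  {"name": "console-login-without-mfa",
   "match": {"eventName": "^ConsoleLogin$", "additionalEventData.MFAUsed": "^No$"}},
  {"name": "access-key-created",
   "match": {"eventName": "^CreateAccessKey$"}},
  {"name": "secret-read-by-iam-user",
   "match": {"eventName": "^GetSecretValue$", "userIdentity.type": "^IAMUser$"}}
]
"""

# Constructed CloudTrail-like events, one JSON object per line (account id,
# usernames and addresses are placeholders).
EVENTS_JSONL = """
{"eventTime": "2024-03-11T05:30:00Z", "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10", "additionalEventData": {"MFAUsed": "No"}}
{"eventTime": "2024-03-11T05:31:00Z", "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.7", "additionalEventData": {"MFAUsed": "Yes"}}
{"eventTime": "2024-03-11T05:32:00Z", "eventName": "CreateAccessKey", "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10"}
{"eventTime": "2024-03-11T05:33:00Z", "eventName": "GetSecretValue", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"}, "sourceIPAddress": "10.0.1.5"}
{"eventTime": "2024-03-11T05:34:00Z", "eventName": "GetSecretValue", "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10"}
"""


def get_path(event: Dict[str, Any], dotted: str) -> Optional[str]:
    """Resolve a dotted path such as 'userIdentity.type'; None if any hop is missing
    or the value is a container rather than a scalar."""
    cur: Any = event
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return None if isinstance(cur, (dict, list)) else str(cur)


def load_queries(text: str) -> List[Dict[str, Any]]:
    """Parse the query file and precompile each field regex once."""
    queries = json.loads(text)
    for q in queries:
        q["compiled"] = {field: re.compile(pat) for field, pat in q["match"].items()}
    return queries


def event_matches(event: Dict[str, Any], query: Dict[str, Any]) -> bool:
    """Every condition must match; a missing field never matches."""
    for field, regex in query["compiled"].items():
        value = get_path(event, field)
        if value is None or not regex.search(value):
            return False
    return True


def scan(events_jsonl: str, queries_json: str) -> List[Dict[str, str]]:
    """Run all queries over every event and return one hit per (event, query) match."""
    queries = load_queries(queries_json)
    hits: List[Dict[str, str]] = []
    for line in events_jsonl.splitlines():
        line = line.strip()
        if not line:
            continue  # skip blank lines in the log stream
        event = json.loads(line)
        actor = (get_path(event, "userIdentity.userName")
                 or get_path(event, "userIdentity.arn")
                 or "unknown")
        for q in queries:
            if event_matches(event, q):
                hits.append({"query": q["name"],
                             "eventTime": event.get("eventTime", ""),
                             "actor": actor})
    return hits


def hits_by_actor(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count matched queries per principal, a quick triage view for an analyst."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["actor"]] = counts.get(h["actor"], 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan(EVENTS_JSONL, QUERIES_JSON):
        print(f'{hit["eventTime"]}  {hit["query"]:<28} {hit["actor"]}')
    print(hits_by_actor(scan(EVENTS_JSONL, QUERIES_JSON)))
```

Matching on resolved field paths rather than on the raw event text keeps the queries independent of key ordering in the log, and the per-actor count shows why a short ruleset of high-fidelity queries is useful: three distinct behaviours attributed to one principal in a few minutes is a far stronger signal than any single event.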

"CloudGrappler brings cloud threat actor knowledge, distilled by Permiso p0 Labs, directly into the hands of security teams. The initial ruleset is designed to detect 54 TTPs from four major threat actors in AWS and Azure environments, and it significantly reduces the time and expertise required to identify potential threats. The initial release is all about getting the foundation set. Further releases will be focused on more detection content. The next set of TTPs we will be adding will be related to one of our favorite threat actors, APT29," Ian Ahl, SVP of P0 Labs, told Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/03/11/cloudgrappler-free-open-source-cloud-security-tool/