Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment.
"Infrastructure as code has replaced a lot of the need for console access for many organizations, but there are still plenty of instances where the console is still being used, and in some cases, you need to use the AWS console to perform certain actions. Cloud Console Cartographer cuts through the noise generated in logs by those console sessions," Daniel Bohannon, Permiso's Principal Threat Researcher, told Help Net Security.
A user clicking on the IAM homepage, for example, triggers a burst of events that populate that page's information in the console UI. Security professionals are left trying to differentiate API calls invoked explicitly by a user from the secondary API invocations whose events merely support the behavior or actions being conducted in the console UI. Threat actors have been observed leveraging the console and other UIs, knowing how confusing this log data can be to incident responders and blue teamers.
Cloud Console Cartographer processes the raw events in a log and can determine that a series of 17 events seen in CloudTrail corresponds to a single console action, such as someone clicking a particular button in the UI, and group them accordingly. It even parses additional data from these secondary events to provide more context about what the user was seeing in the console, like the names of the groups, policies, roles, or access keys that were active at the time the click occurred.
The ability to correlate and reduce these events into single actions helps security teams quickly understand what activity was conducted in the console, something that is difficult to do today.
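To make the consolidation idea concrete, here is an added, self-contained sketch of the technique (not the Cartographer project's own code): it folds a burst of same-session CloudTrail events into one labelled console action and pulls the IAM resource names out of the secondary events. The click signature, the window size and the CloudTrail-style records are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# One click signature: the secondary eventNames the click emits -> label. Constructed for this
# example; the Cartographer project's real signature set is larger and differently structured.
SIGNATURES = {("ListAccessKeys", "ListGroups", "ListPolicies", "ListRoles"): "IAM console: home page loaded"}
WINDOW = timedelta(seconds=2)  # secondary calls from one click land within a moment of each other
def _ts(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
def _actor(e):  # same principal, source IP and user agent => treat as the same console session
    return (e["userIdentity"]["arn"], e["sourceIPAddress"], e["userAgent"])

def _context(events):
    """Collect resource names carried in the secondary events' request/response fields."""
    ctx = defaultdict(set)
    for e in events:
        for field in ("requestParameters", "responseElements"):
            for key, val in (e.get(field) or {}).items():
                ctx[key].update(str(v) for v in (val if isinstance(val, list) else [val]))
    return {k: sorted(v) for k, v in ctx.items()}

def consolidate(events):
    """Fold bursts of same-actor events inside WINDOW into single, labelled console actions."""
    clusters, current = [], []
    for e in sorted(events, key=_ts):
        if current and (_actor(e) != _actor(current[0]) or _ts(e) - _ts(current[0]) > WINDOW):
            clusters.append(current)
            current = []
        current.append(e)
    if current:
        clusters.append(current)
    summary = []
    for c in clusters:
        names = tuple(sorted({e["eventName"] for e in c}))
        summary.append({"actor": c[0]["userIdentity"]["arn"], "start": c[0]["eventTime"], "raw_count": len(c),
                        "action": SIGNATURES.get(names, "Unmapped: " + ", ".join(names)), "context": _context(c)})
    return summary

def _ev(t, name, **fields):  # builds a constructed, minimal CloudTrail-style record
    return {"eventTime": t, "eventName": name, "sourceIPAddress": "198.51.100.7", "userAgent": "console.amazonaws.com",
            "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}, **fields}

# Constructed sample: four secondary events from one IAM home-page click, then one explicit call.
EVENTS = [
    _ev("2024-04-22T10:00:00Z", "ListGroups", responseElements={"groups": ["admins", "devs"]}),
    _ev("2024-04-22T10:00:00Z", "ListRoles", responseElements={"roles": ["deploy-role"]}),
    _ev("2024-04-22T10:00:01Z", "ListPolicies"),
    _ev("2024-04-22T10:00:01Z", "ListAccessKeys", requestParameters={"userName": "alice"}),
    _ev("2024-04-22T10:05:30Z", "CreateAccessKey", requestParameters={"userName": "alice"}),
]
```

Running `consolidate(EVENTS)` yields two actions: the four read-only calls collapse into the labelled home-page click with the group, role and user names attached, while the later explicit CreateAccessKey stays as its own unmapped event, which is the one a responder actually wants to see.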
Cloud Console Cartographer is available for free on GitHub.
News URL
https://www.helpnetsecurity.com/2024/04/22/cloud-console-cartographer-open-source-tool/