Threat intelligence firm Permiso Security has released an open source tool to help organizations detect cloud environment intrusions by known advanced persistent threat (APT) actors.
Dubbed CloudGrappler, the solution is built upon the capabilities of Cado Security’s cloudgrep open source tool that supports searching for log files in AWS, Azure, and Google Cloud Storage.
CloudGrappler, Permiso explains, enables the detection of suspicious and malicious activity matching the tactics, techniques, and procedures (TTPs) of known threat actors in popular cloud environments, which may go unnoticed in a flood of alerts.
“CloudGrappler specializes in querying for activity demonstrated by some of the most notorious threat actors in the cloud. Based on subset activity from Permiso’s library of hundreds of detections, it helps organizations detect threats targeting their cloud infrastructure,” Permiso explains.
The tool is notably good at detecting and analyzing single events, providing a granular view of security incidents, and helping identify anomalies fast.
CloudGrappler includes a data_sources.json file for defining the scope of a scan, allowing users to specify parameters to target specific resources but also enabling comprehensive scan across AWS and Azure environments.
The tool also includes a queries.json file containing predefined TTPs commonly used by threat actors and allows users to modify the source to scan the corresponding query or add custom queries to the file.
Once the scanning process is completed, CloudGrappler provides a report in a JSON format, containing a detailed breakdown of the scan results, including the cloud platform, specific resources, and details like prefixes or filenames.
“These reports offer easy to read, granular details of the findings to enable the security team to address them as quickly as possible,” Permiso says.
The security firm also notes that CloudGrappler’s usage can be optimized by using short time ranges when querying for results.
CloudGrappler is available on GitHub, together with instructions on how to use it.
Related: Cisco Releases Open Source Backplane Traffic Visibility Tool for OT
Related: Linux Foundation Tackles Financial Fraud With Open Source Platform
