New Delhi: Threat intelligence company Permiso Security has recently introduced an open-source tool to help organizations identify intrusions in cloud environments by recognizing advanced persistent threat (APT) actors.
The tool, named CloudGrappler, is built on Cado Security’s open-source cloudgrep, which searches log files stored in AWS, Azure, and Google Cloud Storage.
CloudGrappler lets users spot malicious or suspicious activity that matches the tactics, techniques, and procedures (TTPs) of known threat actors in popular cloud environments.
According to Permiso, CloudGrappler specializes in querying activities that are exhibited by prominent threat actors in the cloud. With the help of Permiso’s extensive library of millions of detections, the tool helps organizations identify threats that target their cloud infrastructure.
This tool stands out for its efficiency in spotting and analyzing individual events to provide a comprehensive view of security incidents and to identify anomalies.
Furthermore, CloudGrappler includes a data_sources.json file that lets users predefine the scanning parameters. This feature targets specific resources while also supporting comprehensive scans across Azure and AWS environments.
Additionally, the tool ships a queries.json file preloaded with some of the common TTPs employed by threat actors. Users can modify the existing queries or add their own to the file.
Once the scanning process is completed, CloudGrappler generates a detailed JSON report, including the details regarding the cloud platform, resources, prefixes, and filenames.
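To make the described workflow concrete, the following Python sketch is an added illustration (not CloudGrappler’s own code) of the same pattern: a data-source definition selects the resources and prefixes to scan, a query list holds TTP patterns, and every hit is written to a JSON report carrying the platform, resource, prefix, and filename. The configuration keys, the two CloudTrail patterns, and the sample log lines are constructed for this example and are not CloudGrappler’s actual schema.

```python
import json
import re

# Constructed illustrative configs. The key names are assumptions made for
# this example, not CloudGrappler's real data_sources.json / queries.json.
DATA_SOURCES = {
    "aws": [{"bucket": "cloudtrail-logs", "prefix": "AWSLogs/123456789012/"}],
}
QUERIES = [
    {"name": "CloudTrail logging disabled", "pattern": r'"eventName":\s*"StopLogging"'},
    {"name": "New IAM access key created", "pattern": r'"eventName":\s*"CreateAccessKey"'},
]

# Constructed sample log objects (key -> contents), standing in for files
# that a real scanner would fetch from the configured bucket.
SAMPLE_FILES = {
    "AWSLogs/123456789012/CloudTrail/2024-01-01.json": "\n".join([
        '{"eventName": "DescribeInstances", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}}',
        '{"eventName": "StopLogging", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}}',
    ]),
    "AWSLogs/123456789012/CloudTrail/2024-01-02.json":
        '{"eventName": "CreateAccessKey", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}}',
}


def scan(data_sources, queries, files):
    """Run every query against each file under the configured prefixes and
    return a JSON-serialisable list of hits tagged with platform, resource,
    prefix and filename, mirroring the report layout described above."""
    compiled = [(q["name"], re.compile(q["pattern"])) for q in queries]
    report = []
    for platform, sources in data_sources.items():
        for src in sources:
            for filename, text in files.items():
                if not filename.startswith(src["prefix"]):
                    continue  # outside the scan scope defined in data_sources
                for lineno, line in enumerate(text.splitlines(), 1):
                    for name, rx in compiled:
                        if rx.search(line):
                            report.append({
                                "platform": platform,
                                "resource": src["bucket"],
                                "prefix": src["prefix"],
                                "filename": filename,
                                "line": lineno,
                                "query": name,
                                "event": json.loads(line),
                            })
    return report


if __name__ == "__main__":
    print(json.dumps(scan(DATA_SOURCES, QUERIES, SAMPLE_FILES), indent=2))
```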