Skip to content

specopdiv/cloud-sniper

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

109 Commits
.github
.github
 
 
dashboard
dashboard
 
 
images
images
 
 
runbooks/guardduty
runbooks/guardduty
 
 
terraform
terraform
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Cloud Sniper

Cloud Security Operations

Cloud Sniper is a platform designed to manage Cloud Security Operations, intended to respond to security incidents by accurately analyzing and correlating cloud artifacts. It is meant to be used as a Cloud Security Operations platform to detect and remediate security incidents by showing a complete visibility of the company's cloud security posture.

We are presenting a centralized Incident and Response platform, which executes automatic actions, by learning from the analysts' expert knowledge. To do it, only native cloud artifacts and open source technologies are implemented. In this way, the community can extend the project with different security use cases.

Cloud Sniper receives and processes security feeds, providing an automatic response mechanism to protect the cloud infrastructure. To detect attackers' advanced TTPs, Cloud Sniper Analytics module correlates IOCs providing enhanced security findings to the security analyst.

With this platform, you get a complete and comprehensive management system of the security incidents. At the same time, an advanced security analyst can integrate Cloud Sniper with external forensic or incident-and-response tools to ingest new security feeds. The platform automatically deploys and provides cloud-based integration with all native resources, in a fully modularized manner, making it very easy to extend for the community.

The system is currently available for AWS, but it is to be extended to others cloud platforms.

Features

  1. Incident and Response orchestration (multi-account|multi-region)
  2. Security analytics
  3. Incident and Response dashboards
  4. Alerting
  5. Kubernetes deployment
  6. DROID (Incident and Response Simulations)
  7. LUSAT (Internal Threat Intelligence Feeds, Inventory and Compliance Data Collection)

Usage

Get Involved

Contributing

We welcome all contributions, suggestions, and feedback, so please do not hesitate to reach out.

Ways you can contribute:

  1. Report potential bugs
  2. Request a feature
  3. Join our community
  4. Submit a PR for open issues
  5. Fix or improve documentation

Releases

  • EKOLABS - EKOPARTY 2019
  • ARSENAL - BLACK HAT USA 2020
  • ARSENAL - BLACK HAT ASIA - 2021 (Upcoming release)

Code of Conduct

This project adheres to the Linux Foundation Code of Conduct available on the event page. By participating, you are expected to honor this code.

About

Cloud Incident Response Orchestrator

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 98.6%
  • HCL 1.4%