Cloud Security Operations
What is Cloud Sniper?
Cloud Sniper is a platform for managing Cloud Security Operations. It responds to security incidents by accurately analyzing and correlating native cloud artifacts, and it detects and remediates those incidents while giving complete visibility of the company's cloud security posture.
With this platform, you have complete and comprehensive management of security incidents. At the same time, it lets advanced security analysts integrate external forensic or incident response tools that provide security feeds into the platform. The platform deploys automatically, provides cloud-based integration with all native resources, is fully modularized, and is easy for the community to extend.
It receives and processes cloud-based and third-party feeds and responds automatically to protect the infrastructure. To detect advanced attack techniques, the Cloud Sniper Analytics module correlates events to generate IOCs, helping to analyze the attacker's TTPs.
How it works
Cloud Sniper – AWS native version
It receives cloud-based feeds and takes remediation actions based on them. It currently gets findings from GuardDuty, a continuous security monitoring service that detects threats based on CloudTrail logs, VPC Flow Logs and DNS logs.
When GuardDuty detects an incident, Cloud Sniper automatically analyzes which actions are available to mitigate and remediate that security threat. If layer 7/4/3 attacks are taking place, it blocks the corresponding sources, both in the WAF and in the Network Access Control Lists of the affected instances.
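An added example, not Cloud Sniper's own code, of the NACL half of the response described above: it turns GuardDuty findings into the keyword arguments of EC2's CreateNetworkAclEntry call. The findings, the subnet-to-NACL mapping, the VPC CIDR and the rule-number ceiling of 100 are constructed assumptions.

```python
import ipaddress

# Constructed sample findings in the shape GuardDuty delivers as the EventBridge "detail".
RESOURCE = {"instanceDetails": {"networkInterfaces": [{"subnetId": "subnet-aaa"}]}}
FINDINGS = [
    {"resource": RESOURCE, "service": {"action": {
        "actionType": "NETWORK_CONNECTION", "networkConnectionAction": {
            "connectionDirection": "INBOUND",
            "remoteIpDetails": {"ipAddressV4": "198.51.100.23"}}}}},
    {"resource": RESOURCE, "service": {"action": {
        "actionType": "PORT_PROBE", "portProbeAction": {"portProbeDetails": [
            {"remoteIpDetails": {"ipAddressV4": "203.0.113.7"}},
            {"remoteIpDetails": {"ipAddressV4": "10.0.4.9"}}]}}}},
    {"resource": RESOURCE, "service": {"action": {
        "actionType": "DNS_REQUEST", "dnsRequestAction": {"domain": "example.invalid"}}}},
]

def remote_sources(finding):
    """Yield (ip, egress) for each remote IPv4 address a subnet NACL could block."""
    action = finding["service"]["action"]
    kind = action.get("actionType")
    if kind == "NETWORK_CONNECTION":
        conn = action["networkConnectionAction"]
        outbound = conn.get("connectionDirection") == "OUTBOUND"
        yield conn["remoteIpDetails"]["ipAddressV4"], outbound
    elif kind == "PORT_PROBE":
        for probe in action["portProbeAction"]["portProbeDetails"]:
            yield probe["remoteIpDetails"]["ipAddressV4"], False
    # DNS_REQUEST and AWS_API_CALL findings name no peer that a subnet NACL can filter.

def plan_nacl_denies(findings, subnet_to_nacl, vpc_cidr, used_rules, ceiling=100):
    """Return CreateNetworkAclEntry keyword arguments, one dict per new source to block."""
    vpc, planned, seen = ipaddress.ip_network(vpc_cidr), [], set()
    for finding in findings:
        for nic in finding["resource"]["instanceDetails"]["networkInterfaces"]:
            nacl = subnet_to_nacl.get(nic["subnetId"])
            for ip, egress in remote_sources(finding):
                key = (nacl, ip, egress)
                if nacl is None or key in seen or ipaddress.ip_address(ip) in vpc:
                    continue  # unknown subnet, duplicate, or an address inside our own VPC
                taken = used_rules.setdefault((nacl, egress), set())
                number = next((n for n in range(1, ceiling) if n not in taken), None)
                if number is None:
                    continue  # no free slot ahead of the allow rules: leave for an analyst
                taken.add(number)
                seen.add(key)
                planned.append({"NetworkAclId": nacl, "RuleNumber": number, "Protocol": "-1",
                                "RuleAction": "deny", "Egress": egress, "CidrBlock": f"{ip}/32"})
    return planned
```

NACL rules are evaluated from the lowest number up, and inbound and outbound rules are numbered separately, which is why each deny takes the lowest free number per direction.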
A knowledge database will be created to store the IOCs that affect the cloud environments and will build its own Threat Intelligence feeds to use in the future.
The Cloud Sniper Analytics module allows us to analyze VPC flow logs of the entire network where an affected instance is deployed and obtain analytics on traffic behavior, looking for Command and Control (C2) activity.
Copyright (c) 2019 Cloud Sniper