As organizations increasingly depend on cloud infrastructure for their operations, enterprise defenders need tools that can help them monitor their cloud environments and detect threat actors before they can cause too much damage. CloudGrappler is a new open source tool from Permiso designed to scan an organization’s Azure and Amazon Web Services environments for tactics, techniques, and procedures (TTPs) used by threat actors.
Security teams define a list of data sources that should be included in the scan and a list of default TTPs commonly used by cloud threat actors, while CloudGrappler scans logs and other event data to provide a JSON report with a detailed breakdown of everything it finds. The security team can also add new queries dynamically to the input file, create a new input file with multiple queries, and define ways to filter the results based on criteria such as date range and file size.
CloudGrappler uses cloudgrep, originally developed by Cado Security, to query cloud environments.
The tool captures relevant metadata, such as timestamps, resource names, and file paths. Once the scan is complete, CloudGrappler correlates the results with Permiso threat intelligence data to provide context around the detected events, including details about the associated threat actor, severity level, and risk rating. The scanning tool can query specific threat actors, search for individual events, or provide granular analysis of incidents, Permiso said.