Cloud Sniper is a platform designed to manage Cloud Security Operations, intended to respond to security incidents by accurately analyzing and correlating cloud artifacts. It is meant to be used as a Cloud Security Operations platform to detect and remediate security incidents by showing a complete visibility of the company’s cloud security posture.
We are presenting a centralized Incident and Response platform, which executes automatic actions, by learning from the analysts’ expert knowledge. To do it, only native cloud artifacts and open source technologies are implemented. In this way, the community can extend the project with different security use cases.
Cloud Sniper receives and processes security feeds, providing an automatic response mechanism to protect the cloud infrastructure. To detect attackers’ advanced TTPs, Cloud Sniper Analytics module correlates IOCs providing enhanced security findings to the security analyst.
With this platform, you get a complete and comprehensive management system of the security incidents. At the same time, an advanced security analyst can integrate Cloud Sniper with external forensic or incident-and-response tools to ingest new security feeds. The platform automatically deploys and provides cloud-based integration with all native resources, in a fully modularized manner, making it very easy to extend for the community.
The system is currently available for AWS, but it is to be extended to others cloud platforms.
- Incident and Response orchestration (multi-account|multi-region)
- Security analytics
- Incident and Response dashboards
- Kubernetes deployment
- DROID (Incident and Response Simulations)
- LUSAT (Internal Threat Intelligence Feeds, Inventory and Compliance Data Collection)
We welcome all contributions, suggestions, and feedback, so please do not hesitate to reach out.
Ways you can contribute:
- Report potential bugs
- Request a feature
- Join our community
- Submit a PR for open issues
- Fix or improve documentation