News, news analysis, and commentary on the latest trends in cybersecurity technology.

Detecting Cloud Threats With CloudGrappler

The open source tool from Permiso can help security teams identify threat actors lurking within their AWS and Azure environments.

Dark Reading Staff, Dark Reading

March 19, 2024

1 Min Read
magnifying glass on a screen of text
Source: Brian Jackson via Alamy

With organizations depending more on cloud infrastructure for their operations, enterprise defenders need tools that can help them monitor their cloud environments and detect threat actors before they can cause too much damage. CloudGrappler is a new open source tool from Permiso designed to scan an organization's Azure and Amazon Web Services environments looking for tactics, techniques, and procedures (TTPs) used by threat actors.

Security teams define a list of data sources that should be included in the scan and a list of predefined TTPs commonly used by cloud threat actors, and CloudGrappler scans logs and other events data to deliver a JSON report with a detailed breakdown of everything it finds. The security team can also add new queries dynamically to the input file, create a new input file with multiple queries, and define ways to filter the results based on criteria like date range and file size.

CloudGrappler uses cloudgrep, originally developed by Cado Security, to query cloud environments.

The tool captures relevant metadata, such as time stamps, resource names, and file paths. When the scan completes, CloudGrappler correlates the results with Permiso's threat intelligence data to provide context around the detected events, including details about the associated threat actor, severity level, and risk assessment. The scanning tool can query for specific threat actors, look for single events, or provide granular incident analysis, Permiso said.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights