Highlights:
- CloudGrappler is adept at scrutinizing activities linked to notorious cloud threat actors, specializing in detecting and analyzing individual log events for heightened security measures.
- Permiso Security’s open-source tool, CloudGrappler, allows users to dynamically add new queries or include a file with multiple queries to scan the target dataset.
Recently, Permiso Security Inc. introduced an open-source tool aiding security teams in swift threat actor detection within Microsoft Corp. Azure and Amazon Web Services Inc. environments.
CloudGrappler, Permiso Security’s open-source tool, leverages Cado Security Ltd.’s cloudgrep project to bolster threat detection. It’s designed to identify tactics, techniques, and procedures (TTPs) used by modern cloud threat actors like LUCR-3/Scattered Spider.
CloudGrappler is adept at scrutinizing activities linked to notorious cloud threat actors, specializing in detecting and analyzing individual log events for heightened security measures. CloudGrappler provides a holistic perspective on potential security incidents within an organization’s environment, leveraging cloudgrep’s capabilities to extend threat detection in AWS and Azure environments, ensuring a thorough analysis of security threats.
CloudGrappler, available on GitHub, empowers users to define the scope of their scan by selecting preferred data sources, offering flexibility and customization in threat detection. Users can leverage a list of predefined TTPs commonly used by cloud threat actors through another JSON file, enhancing the tool’s effectiveness in identifying potential security incidents.
Permiso Security’s open-source tool, CloudGrappler, allows users to dynamically add new queries or include a file with multiple queries to scan the target dataset. Following the scan, CloudGrappler provides a comprehensive JSON report, offering a detailed breakdown of the results for thorough analysis and action.
Andi Ahmeti, an associate threat researcher at Permiso’s research division, P0 Labs, stated, “Knowing where to look and what to look for is key when searching for malicious activity. CloudGrappler makes ongoing hunting for malicious activity as simple as a one-line command. It lets you seamlessly integrate Permiso intel and TTP-based detections into your threat hunting and incident response process, even if you don’t have a SIEM.”
Permiso is a venture capital-backed startup, having secured USD 10 million in funding, as reported by Tracxn. Investors include Point72 Ventures LLC, Foundation Capital LLC, Work-Bench, 11.2 Capital LP, and Rain Capital Management LLC.
The company provides an identity threat detection platform to find “evil” within cloud-based environments. It generates session constructs for identities spanning cloud and software-as-a-service applications to break visibility barriers, enabling a comprehensive understanding of user behavior and intent throughout your environment.
Permiso Security’s open-source tool establishes a unified identity across authentication boundaries, presenting it as a forensically sound access chain. By correlating all activities to a single identity, Permiso can identify access anomalies, behavioral irregularities, or specific actions linked to compromised credentials.