Skip to content

Ebryx/aws-threathunting

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits

aws-assess_secrets_manager

aws-assess_secrets_manager

 
 

aws-cloudwatch_alarm_to_slack

aws-cloudwatch_alarm_to_slack

 
 

aws-honey_tokens_usage_alerter

aws-honey_tokens_usage_alerter

 
 

aws-role_credentials_leakage_monitor

aws-role_credentials_leakage_monitor

 
 

aws-threatintel_vpc_flow_logs

aws-threatintel_vpc_flow_logs

 
 

aws-waf_logging_status

aws-waf_logging_status

 
 

.gitignore

.gitignore

 
 

Readme.md

Readme.md

 
 

Repository files navigation

Description

Our continuous efforts to improve our monitoring and threathunting capabilities in the AWS cloud
Each folder/sub-project contains its own Readme.md

Sub-Projects

aws-cloudwatch_alarm_to_rds:

  • Sends alarms from Cloudwatch to Slack via Lambda function

aws-role_credentials_leakage_monitor:

  • Monitors role credentials leakage from:
    • CloudTrail logs in ELK stack
    • Account ENIs and EIPs

aws-honey_tokens_usage_alerter:

  • Lambda function that periodically checks if AWS API calls have been made from honey tokens/fake users and alerts on Slack

aws-threatintel_vpc_flow_logs: (in-progress)

  • Gathers threat intelligence for bad reputed IPs from VPC flow logs

About

Projects for AWS ThreatHunting

Topics

aws aws-lambda threat-hunting aws-security aws-security-automation threat-hunting-aws

Resources

Readme
Activity
Custom properties

Stars

22 stars

Watchers

8 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages