Investigative playbooks for cloud security events


Detailed description

Saved in:
Bibliographic details
Main authors: Madapurmath, Prateek; Lazzaro, Stephen Clifford; Boteanu, Adrian; Mestri, Rohan Satyavan; Tanash, Rima S; Zhu, Yue; Lynch, Bryan Matthew; Vaulin, Ruslan; Michaels, Zachary Joseph; Buciuman-Coman, Michael; Maynard, Brent Andrew; Soudry, Nir Shalom; Sun, Guiquan
Format: Patent
Language: eng
Subject terms:
Online access: Order full text
Description
Summary: Techniques for generating and utilizing investigative playbooks for cloud security events are described. Activity indicative of a potential compromise is detected in association with a resource of a multi-tenant cloud provider network. API calls originated by a client are determined to utilize API methods that exist within a set of known API methods included in a formal model of attack tactics. Responsive to both the detection and the determination, an investigative playbook based on the activity is executed; the playbook includes multiple logical tests and generates an attack report that can be presented to a user, such as a security analyst, for use in investigating cloud security events.