Investigative playbooks for cloud security events
Techniques for generating and utilizing investigative playbooks for cloud security events are described. Activity is detected indicative of a potential compromise in association with a resource of a multi-tenant cloud provider network. API calls originated by a client are determined to utilize API m...
Gespeichert in:
Hauptverfasser: | , , , , , , , , , , , , |
---|---|
Format: | Patent |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | Techniques for generating and utilizing investigative playbooks for cloud security events are described. Activity is detected indicative of a potential compromise in association with a resource of a multi-tenant cloud provider network. API calls originated by a client are determined to utilize API methods that exist within a set of known API methods included in a formal model of attack tactics. Responsive to both the detection and the determination, an investigative playbook is executed, based on the activity, that includes multiple logical tests to generate an attack report that can be presented to a user such as a security analyst for use in investigating cloud security events. |
---|