AWS Auto Remediate
The Auto Remediate function is triggered via an SQS Queue auto-remediate-config-compliance. The SQS Queue is populated with a compliance payload from AWS Config via a CloudWatch Event auto-remediate-config-compliance. The purpose of the CloudWatch Event is to filter out all non-compliance related messages that AWS Config generates. Once the Lambda function has been triggered it will attempt to remediate the security concern. If the remediation was unsuccessful, the event payload will be sent to the dead letter queue (DQL) SQS Queue auto-remediate-dlq. Each time a payload is sent to the DLQ, an attribute try_count is incremented to the SQS message. Once that count exceeds RETRYCOUNT variable attached to the Lambda Function, the message will no longer be sent to the DLQ. If no remediation exists for the incoming AWS Config event, the AWS Config payload will be sent to an SNS Topic.
FEATURES
ALTERNATIVES
Scalable, cost-effective application recovery to AWS.
Companion repository for deploying osquery in a production environment with tailored query packs.
Anvilogic is a SIEM platform that streamlines detection engineering, offers cost-effective data management, and enhances threat detection capabilities.
A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.
DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.
PowerGRR is a PowerShell module for the GRR API, allowing automation and scripting for incident response and remote live forensics.
Enhances Windows OS security through system modifications and settings adjustments.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.