Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation. IAM Access Denied Responder: This example solution will setup an automated response to an access denied event that occurs within a CloudTrail event, a Failed authentication attempt to the AWS console, or a Client.UnauthorizedOperation event occurs. EC2 Auto Clean Room Forensics: This example solution will take an instance ID from an SNS topic and through a series of AWS Lambda functions co-ordinated by AWS Step Functions will automatically notify, isolate and run basic forensics on the identified instance. CloudTrailRemediation: Demo script to automatically restart CloudTrail. The script have placeholders for forensics etc. to avoid enabling CloudTrail without finding the causing user. force-user-mfa: Demo script to automatically create and attach virtual MFA to any newly created IAM user. The use can fetch the MFA Seed themselves using AWS CLI. Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the 'License'). You may not use this file except in compliance with the License. A copy
FEATURES
SIMILAR TOOLS
Modular SOAR implementation in Python for security orchestration, automation, and response.
Incident response and case management solution for efficient incident response and management.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Automatically configure your app to follow OWASP security patterns and principles with Nuxt Security module.
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
Fast Intercept is a security automation platform that empowers users to maximize their existing security products and automate routine tasks.
Sample security playbooks for security automation, orchestration and response (SOAR) using Microsoft Sentinel trigger
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.