AWS Security Automation
AWS Security Automation is a collection of scripts and resources designed for DevSecOps, security automation, and automated incident response remediation within AWS environments. The toolkit includes several key components: IAM Access Denied Responder automatically responds to access denied events occurring within CloudTrail events, failed AWS console authentication attempts, or Client.UnauthorizedOperation events through automated workflows. EC2 Auto Clean Room Forensics provides automated incident response capabilities by taking instance IDs from SNS topics and coordinating through AWS Lambda functions and Step Functions to automatically notify stakeholders, isolate compromised instances, and perform basic forensic analysis. CloudTrail Remediation offers demonstration scripts for automatically restarting CloudTrail logging with built-in placeholders for forensic procedures to prevent re-enabling CloudTrail without proper investigation of the root cause. Force User MFA includes demonstration scripts that automatically create and attach virtual multi-factor authentication to newly created IAM users, allowing users to retrieve MFA seeds through AWS CLI. The solution leverages AWS native services including Lambda, Step Functions, SNS, and CloudTrail to provide automated security response capabilities for common AWS security scenarios.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
Fast Intercept is a security automation platform that empowers users to maximize their existing security products and automate routine tasks.
StackStorm is an open-source automation platform that connects and automates DevOps workflows and integrates with existing infrastructure.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.