SyntheticSun is a defense-in-depth security automation and monitoring framework designed for AWS environments. The framework combines threat intelligence, machine learning algorithms, and serverless technologies to provide comprehensive threat prevention, detection, and response capabilities. The system operates through event-based and time-based serverless automation to collect, normalize, enrich, and correlate security telemetry data. It presents this information through Kibana dashboards for visualization and analysis. The framework integrates multiple data sources including threat intelligence feeds, geolocation data, and open-source intelligence to enhance threat identification capabilities. SyntheticSun incorporates machine learning-backed anomaly detection using Random Cut Forests (RCF) and IP Insights algorithms. These unsupervised ML models analyze timeseries data and IP-entity pair relationships to identify potential security anomalies and suspicious patterns. The framework provides automated response capabilities by dynamically updating AWS WAFv2 IP Sets and Amazon GuardDuty threat intelligence sets. This integration allows for real-time protection enhancement against known threats and malicious IP addresses. The system leverages AWS managed security services and serverless architecture to provide scalable security monitoring and automated threat response across cloud infrastructure.