FalconFriday — Detecting realistic AWS cloud-attacks using Azure Sentinel — 0xFF1C



On January 28th, Christophe Tafani-Dereeper released Stratus Red Team, an open-source attack simulation tool. At FalconForce, we are very pleased to see attack simulation tools being published, especially when they simulate realistic cloud-based attacks, as this one does. Since Christophe released these attack simulations as open source, we decided to also release, as open source, the Azure Sentinel detection content we developed to detect the simulated attacks. These detections are available in our FalconFriday GitHub repository.

This blog post describes how these rules were created and provides some background on the rules and on how an attack simulation tool can be used to facilitate the construction of detection content.

Cross-post from medium.com; please read the full article here:

https://medium.com/falconforce/falconfriday-detecting-realistic-aws-cloud-attacks-using-azure-sentinel-0xff1c-b62fd45c87dc

Direct link to our GitHub repository:

https://github.com/FalconForceTeam/FalconFriday