grimoire
Generate datasets of cloud audit logs for common attacks
When using grimoire with the stratus-red-team detonator, it is hard to tell the difference between warmup-related events and real detonation-related events. I'm wondering if it is possible to have an option to...
As searching for logs can take some time, it would be nice to print something regularly to show the program isn't stuck.
```
WARN[2024-08-03 23:49:49] You have %d events in the exclude list0
INFO[2024-08-03 23:49:49] Warming up Stratus Red Team attack technique aws.persistence.iam-create-admin-user
INFO[2024-08-03 23:49:49] Detonating Stratus Red Team attack technique aws.persistence.iam-create-admin-user...
```
For attack techniques that have a `revert` function in Stratus Red Team, this function is called before cleaning up: https://github.com/DataDog/stratus-red-team/blob/main/v2/pkg/stratus/runner/runner.go#L182-L192 This causes these logs to have the same UA as...
This would likely require using something like CloudTrail Lake to have more granularity on events logged. Using a plain CloudTrail trail is impractical considering logs go to S3.
Greetings, contributors to this repository! This GitHub Issue serves as a notification for the archival of **DataDog/grimoire** repository. Our automation has identified this repository has been inactive since August 9,...