AWS CloudTrail - Threat hunting in AWS CloudTrail Logs
As more companies move out of physical data centers and into cloud-based services, analysts need new ways to examine those services for risks and threats. LogicHub has developed a playbook to hunt for risks in one such source, AWS CloudTrail logs. The playbook runs seven investigations in parallel to identify risks within the CloudTrail logs.
Automating threat hunting across AWS CloudTrail logs with LogicHub is powerful and easy, and it can surface attackers and threats that are otherwise easily missed in the mountains of data. SOC teams improve their productivity and response times while minimizing false positives and false negatives.
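As an added example (not LogicHub's playbook, whose seven investigations the page does not enumerate), the following Python runs a handful of commonly used CloudTrail hunting checks over a constructed batch of records in the `{"Records": [...]}` shape that CloudTrail delivers to S3. The four checks (root console login without MFA, trail logging tampering, AdministratorAccess policy grants, and bursts of access-denied errors from one principal), the record contents, the account ID and the IP addresses are all assumptions chosen for illustration.

```python
"""Hunt a batch of CloudTrail records for a few high-risk patterns.

Added example, not LogicHub's playbook. Records below are constructed;
the checks are assumed, commonly used hunting heuristics.
"""
import json
from collections import Counter

# Constructed CloudTrail records (not real log data), in the same shape a
# CloudTrail log file delivered to S3 uses: {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2021-03-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2021-03-01T10:02:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/dev1"},
     "requestParameters": {"name": "main-trail"}},
    {"eventTime": "2021-03-01T10:03:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/dev1"},
     "requestParameters": {"userName": "dev1",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
] + [
    # Four denied EC2 calls from one principal: a stolen key probing its rights.
    {"eventTime": f"2021-03-01T10:0{i}:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/scanner"},
     "errorCode": "Client.UnauthorizedOperation"} for i in range(4)
] + [
    # Benign activity that must not be flagged.
    {"eventTime": "2021-03-01T10:09:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}},
]})

LOGGING_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
ATTACH_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
DENIED_CODES = {"AccessDenied", "UnauthorizedOperation", "Client.UnauthorizedOperation"}


def load_records(text):
    return json.loads(text)["Records"]


def actor(rec):
    return rec.get("userIdentity", {}).get("arn", "<unknown>")


def root_console_login_without_mfa(records):
    # Successful root console logins where MFAUsed is anything but "Yes".
    return [r for r in records
            if r.get("eventName") == "ConsoleLogin"
            and r.get("userIdentity", {}).get("type") == "Root"
            and r.get("additionalEventData", {}).get("MFAUsed") != "Yes"
            and r.get("responseElements", {}).get("ConsoleLogin") == "Success"]


def logging_tampering(records):
    # Anyone turning off or narrowing the trail is blinding the hunt itself.
    return [r for r in records if r.get("eventName") in LOGGING_TAMPER_EVENTS]


def admin_policy_grants(records):
    # AdministratorAccess attached to any user, role or group.
    return [r for r in records
            if r.get("eventName") in ATTACH_EVENTS
            and r.get("requestParameters", {}).get("policyArn") == ADMIN_POLICY_ARN]


def access_denied_bursts(records, threshold=3):
    # Repeated denials from one principal often mean credential misuse or
    # enumeration of what a stolen key is allowed to do.
    counts = Counter(actor(r) for r in records if r.get("errorCode") in DENIED_CODES)
    return {arn: n for arn, n in counts.items() if n >= threshold}


def hunt(text):
    """Run all checks and return findings keyed by check name."""
    records = load_records(text)
    grants = []
    for r in admin_policy_grants(records):
        rp = r["requestParameters"]
        target = rp.get("userName") or rp.get("roleName") or rp.get("groupName")
        grants.append((actor(r), target))
    return {
        "root_login_no_mfa": [actor(r) for r in root_console_login_without_mfa(records)],
        "logging_tampering": [(actor(r), r["eventName"]) for r in logging_tampering(records)],
        "admin_policy_grants": grants,
        "access_denied_bursts": access_denied_bursts(records),
    }


if __name__ == "__main__":
    for name, hits in hunt(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

Each check is independent of the others, so they can be fanned out in parallel over the same batch the way the page describes; in production the records would come from the S3 trail bucket or a CloudTrail Lake query rather than an inline string, and the denied-call threshold would be tuned per account.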
Code Repositories (GitHub)
LogicHub for GitHub is an automated threat detection solution that continually monitors your source code repositories for suspicious behavior and vulnerabilities to help you protect your intellectual property.
Installed without deploying agents and set up in just a few clicks, LogicHub immediately begins analyzing millions of GitHub log events to identify malicious or unauthorized behavior. It uses a sophisticated threat ranking engine to automatically prioritize potential threats and provides a high-quality feed of security alerts.
LogicHub is designed for teams of all sizes, is very cost effective, and can scale to very large deployments without much effort.
Salesforce
LogicHub for Salesforce provides out-of-the-box threat detection. It continuously monitors your feed of Salesforce audit events to detect unusual behavior or patterns and provides a high-quality feed of alerts.
With LogicHub's threat ranking engine, you can make sure the alert feed you receive is free of noise and false positives, while ensuring that suspicious activity is never lost without a notification.
IOC Search & Event Enrichment
One of the many use cases LogicHub customers have implemented and benefited from is automating the search, within their own environment, for Indicators of Compromise (IOCs) distributed by various third-party sources.
Automating the search for and enrichment of threat intelligence helps the SOC identify potentially compromised machines and gaps in the environment's security. This use case makes no changes to the environment that could cause outages or block legitimate business processes; instead it provides the insight needed to guide those changes.
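As an added example of the IOC search and enrichment described above (not LogicHub's implementation), the following Python normalises defanged indicators from a constructed feed, matches them against constructed log lines from several hosts using boundary-aware regexes so that an IP such as 198.51.100.23 does not match 198.51.100.230, and returns hits enriched with the originating feed and the evidence line. The feed entries, host names, log formats and indicator values are all made up for illustration.

```python
"""Search constructed host logs for IOCs from several feeds and enrich hits.

Added example, not LogicHub's code. All feed entries and log lines are
constructed; the defanging conventions handled are the common ones only.
"""
import re
from collections import defaultdict

# Constructed IOC feed entries (not real intelligence). Indicators arrive
# from different sources in inconsistent, often "defanged" forms.
IOC_FEED = [
    {"source": "feed-a", "type": "ipv4", "value": "198.51.100.23"},
    {"source": "feed-b", "type": "domain", "value": "update[.]example-cdn[.]net"},
    {"source": "feed-b", "type": "url", "value": "hxxp://update[.]example-cdn[.]net/loader.ps1"},
    {"source": "feed-c", "type": "sha256",
     "value": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
]

# Constructed log lines as (host, log type, raw line) from three hosts.
SAMPLE_LOGS = [
    ("ws-042", "proxy", "2021-03-01T09:15:02Z GET http://update.example-cdn.net/loader.ps1 200"),
    ("ws-042", "edr", "2021-03-01T09:15:05Z file_write C:\\Users\\a\\loader.ps1 "
                      "sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("srv-07", "netflow", "2021-03-01T09:20:11Z 10.0.0.7 -> 198.51.100.23:443 bytes=5120"),
    # Near miss: a different address that shares a prefix with the IOC.
    ("srv-07", "netflow", "2021-03-01T09:20:12Z 10.0.0.7 -> 198.51.100.230:443 bytes=64"),
    ("ws-011", "proxy", "2021-03-01T09:30:00Z GET http://www.example.org/ 200"),
]


def refang(value):
    """Undo common defanging ([.] , hxxp, [:]) and lower-case the indicator."""
    v = value.strip().lower()
    for bracket in ("[.]", "(.)", "{.}"):
        v = v.replace(bracket, ".")
    v = v.replace("[:]", ":")
    v = re.sub(r"^hxxp", "http", v)
    return v


def compile_iocs(feed):
    """Turn each feed entry into a boundary-aware regex over the refanged value."""
    compiled = []
    for ioc in feed:
        needle = refang(ioc["value"])
        # Reject matches that continue into a longer token on either side, so
        # "198.51.100.23" does not hit "198.51.100.230".
        pattern = re.compile(r"(?<![\w.])" + re.escape(needle) + r"(?![\w.])")
        compiled.append((ioc, needle, pattern))
    return compiled


def search(logs, feed):
    """Return one enriched hit per (IOC, matching log line)."""
    hits = []
    for ioc, needle, pattern in compile_iocs(feed):
        for host, log_type, line in logs:
            if pattern.search(line.lower()):
                hits.append({"host": host, "log": log_type, "ioc": needle,
                             "type": ioc["type"], "source": ioc["source"],
                             "evidence": line})
    return hits


def hosts_by_ioc(hits):
    """Collapse hits into the set of hosts that touched each indicator."""
    out = defaultdict(set)
    for h in hits:
        out[h["ioc"]].add(h["host"])
    return {ioc: sorted(hosts) for ioc, hosts in out.items()}


if __name__ == "__main__":
    for h in search(SAMPLE_LOGS, IOC_FEED):
        print(f"{h['host']:7} {h['type']:6} {h['ioc']}  (from {h['source']})")
    print(hosts_by_ioc(search(SAMPLE_LOGS, IOC_FEED)))
```

The search is read-only against collected logs, which is the point the paragraph makes: it produces a list of hosts and evidence for an analyst to act on rather than blocking or quarantining anything itself. The hash check relies on the log already carrying a SHA-256; for feeds that mix MD5 and SHA-1 the same boundary regex works unchanged.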