DataDog / stratus-red-team

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
https://stratus-red-team.cloud
Apache License 2.0

Add logged operations to the "List of all available attack techniques" page #582

Open lsass-exe opened 2 weeks ago

lsass-exe commented 2 weeks ago

This may be out of scope of this project but as a blue teamer it would be very useful for me to have a cheatsheet where I can look up log event operations and see what techniques they map to.

I think having an additional column on this page:

https://stratus-red-team.cloud/attack-techniques/list/

That for each row, lists the related operation that is logged for the technique.

E.g. for the row "Retrieve EC2 password data" have another column that lists "ec2:GetPasswordData"

I know this is also contained in the technique pages themselves but it is hard to ctrl-f on those.

Happy to pick this up if it is of interest.

christophetd commented 1 week ago

Thanks for the suggestion! In the meantime, https://traildiscover.cloud/ might be helpful for you! It has a link back to Stratus Red Team. cc @adanalvarez FYI

lsass-exe commented 1 week ago

Hadn't seen this before, thanks!!