
Leonidas
Tags: Network & Cloud, Cloud Security
This Repository Contains Leonidas Framework for Cloud Attacker Actions
This repository contains Leonidas, a framework for executing the actions an attacker typically performs in a cloud environment.
It offers a YAML-based format for defining cloud attacker tactics, techniques, and procedures (TTPs), together with the detection properties associated with each one.
Compiling Definitions into a Web API
The definitions are compiled into a web API that exposes each test case as a separate endpoint, with detection documentation written as Sigma rules (https://github.com/Neo23x0/sigma). For an example deployment, visit http://detectioninthe.cloud/.
The API Deployment Process
The API is deployed through an AWS-native CI/CD pipeline and is invoked through web requests secured by an API key. To produce the documentation or the Sigma rules, install the generator on your local machine; once it is installed, you can generate Sigma rules and documentation as needed.