rgi-group/Cloud-DART

Cloud-DART: Cloud Detection & Response Toolkit

Overview

Cloud-DART is a comprehensive repository that provides Standard Operating Procedures (SOPs), Jupyter Notebooks, and code blocks for detection and response in cloud environments. This repository is designed to assist security professionals in automating and enhancing their cloud security posture.

Features

  • AWS Athena Searches: Pre-configured SQL queries for threat detection in AWS.
  • AWS Lambdas: Python scripts for automated response actions in AWS.
  • Jupyter Notebooks: Playbooks and workflows for cloud detection and response.
  • MITRE Mapping: Documentation mapping CloudTrail log events to the MITRE ATT&CK framework.
  • DART Program SOPs: Guidelines and templates for setting up a Detection and Response Team.

Getting Started

Prerequisites

  • AWS Account
  • Python 3.x
  • Jupyter Notebook

Installation

  1. Clone the repository
    git clone https://github.com/rgi-group/Cloud-DART.git
    
  2. Navigate to the directory
    cd Cloud-DART
    
  3. Install required packages
    pip install -r requirements.txt
    

Usage

  • AWS Athena Searches: Navigate to the AWS Athena Searches folder and run the SQL queries in your AWS Athena instance.
  • AWS Lambdas: Deploy the Python scripts in the AWS Lambdas folder to your AWS Lambda service.
  • Jupyter Notebooks: Open the notebooks in the Jupyter Notebooks folder using Jupyter Notebook.
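The Athena searches, Lambda response scripts and MITRE mapping described above share one pattern: match CloudTrail records against a rule table and tag each hit with the ATT&CK technique it represents. The following is an added example of that pattern written for this README; it is not code from the Cloud-DART repository. The rule table, the sample CloudTrail records and the lambda_handler entry point (which assumes an EventBridge "AWS API Call via CloudTrail" event carrying the record under the detail key) are assumptions made for illustration.

```python
"""Tag suspicious CloudTrail events with MITRE ATT&CK technique ids.

Added example for this README, not code from the Cloud-DART repository.
The detection table and the sample records below are constructed for
illustration; record field names follow the public CloudTrail record
format (eventSource, eventName, userIdentity, requestParameters, errorCode).
"""
from typing import Dict, List, Optional, Tuple

# (eventSource, eventName) -> (ATT&CK technique id, technique name, default severity)
DETECTION_RULES: Dict[Tuple[str, str], Tuple[str, str, str]] = {
    ("cloudtrail.amazonaws.com", "StopLogging"): (
        "T1562.008", "Impair Defenses: Disable or Modify Cloud Logs", "high"),
    ("cloudtrail.amazonaws.com", "DeleteTrail"): (
        "T1562.008", "Impair Defenses: Disable or Modify Cloud Logs", "high"),
    ("cloudtrail.amazonaws.com", "UpdateTrail"): (
        "T1562.008", "Impair Defenses: Disable or Modify Cloud Logs", "medium"),
    ("iam.amazonaws.com", "CreateAccessKey"): (
        "T1098.001", "Account Manipulation: Additional Cloud Credentials", "medium"),
    ("iam.amazonaws.com", "CreateLoginProfile"): (
        "T1098.001", "Account Manipulation: Additional Cloud Credentials", "medium"),
}


def evaluate_record(record: dict) -> Optional[dict]:
    """Return a finding for one CloudTrail record, or None if no rule matches."""
    key = (record.get("eventSource", ""), record.get("eventName", ""))
    rule = DETECTION_RULES.get(key)
    if rule is None:
        return None
    technique_id, technique_name, severity = rule
    caller = record.get("userIdentity", {}).get("userName")
    params = record.get("requestParameters") or {}
    notes: List[str] = []
    # Credentials created for an identity other than the caller's own are the
    # persistence pattern worth escalating; rotating your own key is routine.
    target = params.get("userName")
    if technique_id == "T1098.001" and target and target != caller:
        severity = "high"
        notes.append(f"credential created for '{target}' by '{caller}'")
    # A denied call still records an attempt; errorCode tells the two apart.
    if record.get("errorCode"):
        notes.append(f"call failed with {record['errorCode']}")
    return {
        "eventTime": record.get("eventTime"),
        "eventName": record["eventName"],
        "actor": caller,
        "sourceIPAddress": record.get("sourceIPAddress"),
        "technique": technique_id,
        "techniqueName": technique_name,
        "severity": severity,
        "succeeded": not record.get("errorCode"),
        "notes": notes,
    }


def scan_records(records: List[dict]) -> List[dict]:
    """Evaluate a batch of CloudTrail records (e.g. one Athena result set)."""
    return [f for f in (evaluate_record(r) for r in records) if f]


def lambda_handler(event: dict, context) -> dict:
    """Entry point shaped like an AWS Lambda handler (assumed deployment).

    Assumes an EventBridge "AWS API Call via CloudTrail" event, which places
    the CloudTrail record under the 'detail' key.
    """
    finding = evaluate_record(event.get("detail", {}))
    return {"findings": [finding] if finding else []}


# Constructed sample records (not real account data).
SAMPLE_RECORDS: List[dict] = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "bob"}},
    {"eventTime": "2024-05-01T11:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "requestParameters": {"userName": "carol"}},
    {"eventTime": "2024-05-01T11:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "requestParameters": {"name": "org-trail"}, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T12:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "requestParameters": {"bucketName": "reports"}},
]

if __name__ == "__main__":
    for finding in scan_records(SAMPLE_RECORDS):
        print(f"[{finding['severity']:>6}] {finding['eventTime']} {finding['eventName']:<15} "
              f"{finding['technique']} by {finding['actor']} "
              f"succeeded={finding['succeeded']} {'; '.join(finding['notes'])}")
```

Run stand-alone, the script reports four findings out of the five constructed records: the StopLogging call and the cross-user CreateAccessKey at high severity, the self-service CreateAccessKey at medium, and the denied DeleteTrail flagged as an unsuccessful attempt; the S3 read matches no rule. The same rule table is what an Athena query would encode in its WHERE clause, and the severity escalation on requestParameters.userName is the kind of refinement that is easier to express in Python than in SQL.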

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests.

License

This project is licensed under the MIT License - see the LICENSE.md file for details.
