Stratus Red Team usage

Classification:

compliance


Goal

Detect when the Stratus Red Team user agent is observed.

Strategy

This rule monitors cloud audit logs for events whose user agent string contains stratus-red-team (for example, @http.useragent:stratus-red-team). Stratus Red Team is an open source, multi-cloud security tool that enables emulation of offensive attack techniques in a granular and self-contained manner.

The following cloud providers are supported by Stratus Red Team:

  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform
  • Entra ID
  • EKS
  • Kubernetes clusters on a cloud provider (alpha)

Triage and response

  1. Determine if your organization is using the Stratus Red Team tool to assess its security posture.
  2. If it is, consider adding a suppression for the tool’s identity or IP address during the testing period.
  3. If the results of the triage indicate that this tool is not used by your organization, begin your company’s incident response process and an investigation.
    • If appropriate, disable or rotate the affected credential/identity.
    • Investigate any actions taken by the identity.
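
The strategy and triage step 2 above, sketched as an added example (not the rule's own implementation): it matches the user agent substring in AWS CloudTrail and GCP audit records and applies a time-boxed suppression for an approved identity or source network. The suppression entry, the sample records, and the case-insensitive match are assumptions of this example.

```python
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

MARKER = "stratus-red-team"  # substring matched in the user agent
# Hypothetical suppression for an approved exercise (triage step 2).
SUPPRESSIONS = [{"identity": "arn:aws:iam::111111111111:user/purple-team",
                 "network": ip_network("198.51.100.0/24"),
                 "start": datetime(2024, 5, 1, tzinfo=timezone.utc),
                 "end": datetime(2024, 5, 8, tzinfo=timezone.utc)}]

def normalize(event):  # -> (user_agent, identity, ip, time)
    if "protoPayload" in event:  # GCP Cloud Audit Logs layout
        p = event["protoPayload"]
        meta = p.get("requestMetadata", {})
        return (meta.get("callerSuppliedUserAgent", ""),
                p.get("authenticationInfo", {}).get("principalEmail", ""),
                meta.get("callerIp", ""), event["timestamp"])
    return (event.get("userAgent", ""),  # AWS CloudTrail layout
            event.get("userIdentity", {}).get("arn", ""),
            event.get("sourceIPAddress", ""), event["eventTime"])

def is_suppressed(identity, ip, when):
    try:
        addr = ip_address(ip)
    except ValueError:  # CloudTrail can carry a service name here, not an IP
        addr = None
    return any((identity == s["identity"] or (addr is not None and addr in s["network"]))
               and s["start"] <= when < s["end"] for s in SUPPRESSIONS)

def triage(events):  # -> (alerts, suppressed), each a list of (identity, time)
    alerts, suppressed = [], []
    for e in events:
        ua, identity, ip, ts = normalize(e)
        if MARKER in ua.lower():
            when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
            (suppressed if is_suppressed(identity, ip, when) else alerts).append((identity, ts))
    return alerts, suppressed

def ct(ua, arn, ip, ts):  # builds a constructed CloudTrail-style record
    return {"userAgent": ua, "userIdentity": {"arn": arn}, "sourceIPAddress": ip, "eventTime": ts}

UA = "stratus-red-team_EXAMPLE"  # constructed value
SAMPLE = [  # constructed records, not real log data
    ct(UA, "arn:aws:iam::111111111111:user/purple-team", "198.51.100.7", "2024-05-02T10:00:00Z"),
    ct(UA, "arn:aws:iam::111111111111:user/purple-team", "198.51.100.7", "2024-05-09T10:00:00Z"),
    ct("aws-cli/2.15.0", "arn:aws:iam::111111111111:user/dev", "203.0.113.9", "2024-05-02T11:00:00Z"),
    {"timestamp": "2024-05-02T12:00:00Z", "protoPayload": {
        "requestMetadata": {"callerSuppliedUserAgent": UA, "callerIp": "203.0.113.20"},
        "authenticationInfo": {"principalEmail": "svc@example-project.iam.gserviceaccount.com"}}},
]
```

Running triage(SAMPLE) suppresses only the in-window event from the approved identity; the same identity after the window ends and the unrelated GCP principal both remain alerts.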