Goal
Detect when the Stratus Red Team user agent is observed.
Strategy
This rule monitors cloud audit logs for events whose user agent string contains stratus-red-team (for example, @http.useragent:stratus-red-team). Stratus Red Team is an open source multi-cloud security tool that enables emulation of offensive attack techniques in a granular and self-contained manner.
The following cloud providers are supported by Stratus Red Team:
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
- Entra ID
- EKS
- Kubernetes clusters on a cloud provider (alpha)
Triage and response
- Determine if your organization is using the Stratus Red Team tool to assess its security posture.
- If it is, consider adding a suppression for the tool’s identity or IP address during the testing period.
- If the results of the triage indicate that this tool is not used by your organization, begin your company’s incident response process and an investigation.
- If appropriate, disable or rotate the affected credential/identity.
- Investigate any actions taken by the identity.
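The strategy and the suppression step above can be reproduced offline as follows. This is an added example, not part of the original rule: the CloudTrail-style records, identities, IP addresses and testing window are constructed sample values, and the SUPPRESSION structure and triage function are hypothetical names.

```python
import json
from datetime import datetime

MARKER = "stratus-red-team"
# Constructed CloudTrail-style audit records (sample data, not real logs).
SAMPLE_LOGS = [
    '{"eventTime":"2024-05-02T10:15:00Z","eventName":"StopLogging",'
    '"sourceIPAddress":"203.0.113.10","userAgent":"stratus-red-team_example",'
    '"userIdentity":{"arn":"arn:aws:iam::111111111111:user/redteam-ci"}}',
    '{"eventTime":"2024-05-09T03:40:00Z","eventName":"CreateAccessKey",'
    '"sourceIPAddress":"198.51.100.7","userAgent":"stratus-red-team_example",'
    '"userIdentity":{"arn":"arn:aws:iam::111111111111:user/build-bot"}}',
    '{"eventTime":"2024-05-02T10:16:00Z","eventName":"DescribeInstances",'
    '"sourceIPAddress":"203.0.113.10","userAgent":"aws-cli/2.15.0",'
    '"userIdentity":{"arn":"arn:aws:iam::111111111111:user/redteam-ci"}}',
    '{"eventTime":"2024-05-20T22:05:00Z","eventName":"DeleteTrail",'
    '"sourceIPAddress":"203.0.113.10","userAgent":"stratus-red-team_example",'
    '"userIdentity":{"arn":"arn:aws:iam::111111111111:user/redteam-ci"}}',
    "truncated or non-JSON line",
]

# Hypothetical suppression: the approved test identity/IP and the testing period.
SUPPRESSION = {
    "identities": {"arn:aws:iam::111111111111:user/redteam-ci"},
    "ips": {"203.0.113.10"},
    "start": datetime.fromisoformat("2024-05-01T00:00:00+00:00"),
    "end": datetime.fromisoformat("2024-05-03T00:00:00+00:00"),
}

def triage(lines, suppression=SUPPRESSION):
    """Return (status, identity, eventName) for each record whose user agent matches."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if MARKER not in str(event.get("userAgent", "")).lower():
            continue
        when = datetime.fromisoformat(event["eventTime"].replace("Z", "+00:00"))
        arn = event.get("userIdentity", {}).get("arn", "unknown")
        known = arn in suppression["identities"] or event.get("sourceIPAddress") in suppression["ips"]
        in_window = suppression["start"] <= when <= suppression["end"]
        status = "suppressed" if known and in_window else "alert"
        findings.append((status, arn, event["eventName"]))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOGS), sep="\n")
```

The fourth record uses the approved identity but falls outside the testing period, so it still alerts: a suppression scoped only by identity or IP would have hidden it.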