Stratus Red Team usage

Classification:

compliance

Goal

Detect when the Stratus Red Team user agent is observed.

Strategy

This rule monitors cloud audit logs for events whose user agent string contains stratus-red-team (for example, @http.useragent:stratus-red-team). Stratus Red Team is an open source, multi-cloud security tool that emulates offensive attack techniques in a granular and self-contained manner.

The following cloud providers are supported by Stratus Red Team:

  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform
  • Entra ID
  • EKS
  • Kubernetes clusters on a cloud provider (alpha)

Triage and response

  1. Determine if your organization is using the Stratus Red Team tool to assess its security posture.
  2. If it is, consider adding a suppression for the tool’s identity or IP address during the testing period.
  3. If the results of the triage indicate that this tool is not used by your organization, begin your company’s incident response process and an investigation.
    • If appropriate, disable or rotate the affected credential/identity.
    • Investigate any actions taken by the identity.
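
The matching and triage steps above can be reproduced offline against exported audit logs. The following is an added example, not the rule's own implementation: it reads the user agent, identity and source IP from AWS CloudTrail, GCP audit log and Kubernetes audit events using their native field names, then separates identities on an approved-testing list from unexpected ones. The approved list, the function names and the sample events are assumptions made for illustration.

```python
import json
from collections import defaultdict

MARKER = "stratus-red-team"  # substring the rule on this page matches on

# (user agent, identity, source IP) field paths in each native audit-log format.
FIELDS = [
    ("userAgent", "userIdentity.arn", "sourceIPAddress"),     # AWS CloudTrail
    ("protoPayload.requestMetadata.callerSuppliedUserAgent",  # GCP audit logs
     "protoPayload.authenticationInfo.principalEmail",
     "protoPayload.requestMetadata.callerIp"),
    ("userAgent", "user.username", "sourceIPs"),              # Kubernetes audit
]

def _get(event, path):
    """Walk a dotted path through nested dicts; None if any key is missing."""
    for key in path.split("."):
        event = event.get(key) if isinstance(event, dict) else None
    return event

def extract(event):
    """Return (user_agent, identity, ip) from the first format that fits, else None."""
    for ua_path, id_path, ip_path in FIELDS:
        ua, ident = _get(event, ua_path), _get(event, id_path)
        if isinstance(ua, str) and ident:
            ip = _get(event, ip_path)
            if isinstance(ip, list):  # Kubernetes records a list of source IPs
                ip = ip[0] if ip else None
            return ua, ident, ip

def triage(lines, approved=frozenset()):
    """Map identity -> source IPs for matching events, split by the approved list."""
    known, unexpected = defaultdict(set), defaultdict(set)
    for line in lines:
        try:
            hit = extract(json.loads(line))
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if hit and MARKER in hit[0].lower():
            bucket = known if hit[1] in approved else unexpected
            bucket[hit[1]].add(hit[2])
    return dict(known), dict(unexpected)

# Constructed sample events (not real logs); the last line is deliberately truncated.
SAMPLE = [
    '{"userAgent": "stratus-red-team_constructed-id", "sourceIPAddress": "198.51.100.7", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/redteam-ci"}}',
    '{"protoPayload": {"requestMetadata": {"callerSuppliedUserAgent": "stratus-red-team_constructed-id", "callerIp": "203.0.113.9"}, "authenticationInfo": {"principalEmail": "dev@example.com"}}}',
    '{"userAgent": "kubectl/v1.29.0", "user": {"username": "alice"}, "sourceIPs": ["192.0.2.10"]}',
    '{"userAgent": "stratus-red-team',
]
```

Identities returned in the second mapping are the ones that fall under step 3 of the triage list.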