---
title: Stratus Red Team usage
description: Datadog, the leading service for cloud-scale monitoring.
---

# Stratus Red Team usage
## Goal{% #goal %}

Detect when the [Stratus Red Team](https://stratus-red-team.cloud/) user agent is observed.

## Strategy{% #strategy %}

This rule monitors cloud audit logs for events whose user agent string contains `stratus-red-team` (for example, `@http.useragent:stratus-red-team`). Stratus Red Team is an open source, multi-cloud security tool that emulates offensive attack techniques in a granular and self-contained manner.

The following cloud providers are supported by Stratus Red Team:

- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
- Entra ID
- EKS
- Kubernetes clusters on a cloud provider (alpha)

## Triage and response{% #triage-and-response %}

1. Determine if your organization is using the Stratus Red Team tool to assess its security posture.
1. If it is, consider adding a suppression for the tool's identity or IP address during the testing period.
1. If the results of the triage indicate that this tool is not used by your organization, begin your company's incident response process and an investigation.
   - If appropriate, disable or rotate the affected credential/identity.
   - Investigate any actions taken by the identity.
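
The following added example (not part of the Datadog rule or of Stratus Red Team) applies the same user agent match to exported audit logs and groups hits by identity and source IP to support the triage steps above. It reads the standard AWS CloudTrail and GCP audit log field names; the sample records, the `sanctioned` set, and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

MARKER = "stratus-red-team"

# Constructed sample records (not real logs), one JSON document per line:
# two AWS CloudTrail events and one GCP audit log entry.
SAMPLE_LOGS = """\
{"eventName":"DescribeInstances","userAgent":"stratus-red-team_00000000-0000-0000-0000-000000000000","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/purple-team"}}
{"eventName":"ListBuckets","userAgent":"aws-cli/2.15.0","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/purple-team"}}
{"protoPayload":{"methodName":"google.iam.admin.v1.ListServiceAccounts","requestMetadata":{"callerSuppliedUserAgent":"stratus-red-team_11111111-1111-1111-1111-111111111111","callerIp":"203.0.113.9"},"authenticationInfo":{"principalEmail":"dev@example.com"}}}
"""

def normalize(rec):
    """Map a CloudTrail or GCP audit record onto common triage fields."""
    if "protoPayload" in rec:  # GCP Cloud Audit Logs layout
        p = rec["protoPayload"]
        meta = p.get("requestMetadata", {})
        return {"ua": meta.get("callerSuppliedUserAgent", ""),
                "ip": meta.get("callerIp", ""),
                "identity": p.get("authenticationInfo", {}).get("principalEmail", ""),
                "action": p.get("methodName", "")}
    return {"ua": rec.get("userAgent", ""),  # AWS CloudTrail layout
            "ip": rec.get("sourceIPAddress", ""),
            "identity": rec.get("userIdentity", {}).get("arn", ""),
            "action": rec.get("eventName", "")}

def triage(lines, sanctioned=frozenset()):
    """Group matching events by (identity, ip); `sanctioned` holds the
    identities or IPs of an approved test (hypothetical suppression list)."""
    groups = defaultdict(list)
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines rather than abort
        if not isinstance(rec, dict):
            continue
        ev = normalize(rec)
        if MARKER in ev["ua"].lower():  # case-insensitive substring match
            groups[(ev["identity"], ev["ip"])].append(ev["action"])
    return [{"identity": i, "ip": ip, "actions": acts,
             "sanctioned": i in sanctioned or ip in sanctioned}
            for (i, ip), acts in sorted(groups.items())]

if __name__ == "__main__":
    approved = {"arn:aws:iam::111122223333:user/purple-team"}
    for row in triage(SAMPLE_LOGS.splitlines(), approved):
        print(row)
```

Rows with `sanctioned` set to false are the ones to carry into the incident response steps; their `actions` list is the starting point for investigating what the identity did.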
