Permiso launches three open-source tools to enhance cloud security detection
Identity threat detection and response startup Permiso Security Inc. today released a suite of three open-source tools that help security teams bolster their detection capabilities for a variety of tasks.
The first new open-source tool, called DetentionDodger, focuses on identifying and mitigating risks associated with leaked credentials. The tool scans CloudTrail logs to detect failed policy attachments and lists identities with a quarantine policy, highlighting users whose privileges could be compromised. By analyzing inline and attached policies, the tool assesses the potential impact of leaked credentials based on user privileges.
DetentionDodger helps security teams proactively address threats by providing detailed insights into the security posture of identities within their cloud environments. The tool ensures that organizations can quickly identify vulnerabilities and take corrective actions to protect sensitive resources.
The second tool, BucketShield, is designed to monitor and alert on Amazon Web Services Inc. S3 buckets and CloudTrail log activities. The tool ensures the consistent flow of logs from AWS services into S3 buckets to mitigate the risk of misconfigurations that could disrupt log collection.
The tool also features support for real-time tracking of identity and access management roles, key management service configurations and S3 log flows to help maintain an audit-ready cloud environment. BucketShield gives security teams visibility into critical log activities and ensures all events are recorded, allowing organizations to quickly detect and respond to potential issues.
The third tool released today, called CAPICHE Detection Framework, is designed to streamline the process of creating cloud application programming interface detection rules. It allows defenders to generate multiple detection rules from API groupings, even when the full API names are unknown, simplifying the detection translation pipeline and making it more accessible for security teams. By automating rule creation, the CAPICHE Detection Framework lets organizations quickly adapt their defenses to evolving cloud threats and helps security teams stay ahead of potential attacks, the company says.
“The learning curve for detection in the cloud is steep and our goal is to help security teams bolster their detections across their cloud environments without having to purchase commercial software solutions like a SIEM,” said co-founder and co-Chief Executive Officer Jason Martin. “We are committed to providing resources that can help the broader security community defend against the tactics, techniques and procedures of modern threat actors.”
The three new open-source tools released today bring the total number of open-source tools released by Po Labs to 10.
Previous open-source releases this year from Permiso include Cloud Console Cartographer, a tool that helps security teams make sense of console-driven event activity in their AWS logs, and SkyScalpel, a tool that helps offensive and defensive security professionals understand how policies could be obfuscated by threat actors to go undetected in an environment.
Image: SiliconANGLE/Ideogram