Publication number: US12088609B1
Publication date: 2024-09-10
Application number: US17488758
Application date: 2021-09-29
Applicant: Amazon Technologies, Inc.
Inventor: Adrian Boteanu, Rima S. Tanash, Ruslan Vaulin, Brent Andrew Maynard, Stephen Clifford Lazzaro, Yue Zhu, Rohan Satyavan Mestri, Prateek Madapurmath, Bryan Matthew Lynch, Nir Shalom Soudry, Zachary Joseph Michaels, Guiquan Sun, Michael Buciuman-Coman
IPC: H04L9/40
CPC classification number: H04L63/1425, H04L63/1433, H04L63/20
Abstract: Techniques for generating and utilizing investigative playbooks for cloud security events are described. Activity is detected indicative of a potential compromise in association with a resource of a multi-tenant cloud provider network. API calls originated by a client are determined to utilize API methods that exist within a set of known API methods included in a formal model of attack tactics. Responsive to both the detection and the determination, an investigative playbook is executed, based on the activity, that includes multiple logical tests to generate an attack report that can be presented to a user such as a security analyst for use in investigating cloud security events.