
Open Source Security Tools - jacknagz
https://blog.runpanther.io/open-source-cloud-security-tools/
======
staticassertion
Wow, thanks for the mention alongside such a solid list of tools.

I'm the author of Grapl and I'd be happy to answer any questions. Grapl's
under active development (I'm working full time on it, and others are
joining), and there's lots of exciting stuff on the way.

~~~
canada_dry
Grapl looks quite interesting though the lack of documentation is a stumbling
block.

Is the primary Grapl use case AWS log analysis? Or, can it be set up and run
for an on-prem Linux system?

Could it also be set up to analyze logs from several VMs (e.g. running
win/ubuntu-server/debian)?

More detailed deployment instructions for a variety of scenarios (installation
and usage) would be helpful!

~~~
staticassertion
> Grapl looks quite interesting though the lack of documentation is a
> stumbling block.

Totally. I intend to change this once things stabilize - right now the docs
would be changing so fast that I'd be spending all of my time updating them
(though things are slowing down a lot).

> Is the primary Grapl use case AWS log analysis? Or, can it be set up and run
> for an on-prem Linux system?

Grapl _runs_ in AWS, but it can analyze any log that it can parse - currently
that's just sysmon, or anything that fits into its generic (and unstable)
format. There will be an AWS Plugin in the future that will allow you to send
various AWS sourcetypes, as well as various Linux-oriented plugins such as for
audit or osquery.

> Could it also be set up to analyze logs from several VMs (e.g. running
> win/ubuntu-server/debian)?

Absolutely.

> More detailed deployment instructions for a variety of scenarios
> (installation and usage) would be helpful!

Noted - this is going to be a top priority very soon.

------
ghostpepper
It's kind of sneaky that the last tool in the list happens to be sold by the
company publishing the list.

~~~
p1necone
This is blatantly just marketing for their tool, it's not just "kinda sneaky".
Tired of seeing stuff like this get upvoted.

~~~
staticassertion
It hardly feels sneaky... it's right on their blog. And they list a lot of
projects alongside theirs. And their product is built off a popular open
source D&R system.

So this feels pretty much fine I think.

------
Dahoon
A list of "cool tools" including the one the authors sell? It is a well made
ad.

~~~
phreack
It absolutely is, but if all ads provided value like this and inserted their
sell at the end... I wouldn't mind at all. Though maybe adding a disclaimer
saying 'in case you didn't check the domain... we're Panther and this is what
we do' or so might be more encouraging.

~~~
jacknagz
We will definitely add a disclaimer like this in the future! Thanks for the
feedback. We really wanted to highlight these security tools that have added
so much value to us in the past as practitioners.

------
yalogin
What does it mean when you say a cloud-native service is open sourced?

~~~
blackflame
It means that the code hosted on a cloud server is available for inspection.

~~~
m4rtink
And presumably for you to run in a public cloud environment you are renting
yourself or a private cloud you are running yourself.

~~~
jacknagz
Exactly. Kubernetes could be considered "cloud-native" because it can be
deployed on either public/private clouds.

