DataDog/grimoire external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

DataDog/grimoire

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/DataDog/grimoire)

Close

DataDog / grimoireView on GitHubMore

• External links
• Readme badge

Generate datasets of cloud audit logs for common attacks

☆233Feb 13, 2026Updated 2 weeks ago

Alternatives and similar repositories for grimoire

Users that are interested in grimoire are comparing it to the libraries listed below

• adanalvarez / TrailDiscover

  View on GitHub
  An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…
  ☆174Feb 22, 2026Updated last week
• SecurityRunners / CloudCommotion

  View on GitHub
  Cloud Commotion intends to cause chaos to simulate security incidents
  ☆145Jun 18, 2024Updated last year
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆338Feb 13, 2026Updated 2 weeks ago
• dwillowtree / diana

  View on GitHub
  Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A. )
  ☆225Sep 4, 2024Updated last year
• ReversecLabs / cloud-security-vm

  View on GitHub
  Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments
  ☆142Jan 2, 2025Updated last year
• StevenSmiley / aws-mine

  View on GitHub
  AWS honey token manager
  ☆89Aug 1, 2024Updated last year
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,266Feb 13, 2026Updated 2 weeks ago
• vectra-ai-research / Halberd

  View on GitHub
  Halberd : Multi-Cloud Agentic Attack Tool
  ☆334Jan 12, 2026Updated last month
• zmallen / cloudtrail2sightings

  View on GitHub
  Convert cloudtrail data to MITRE ATT&CK Sightings
  ☆82Jul 25, 2022Updated 3 years ago
• adanalvarez / TrailAlerts

  View on GitHub
  TrailAlerts is a AWS-native, serverless cloud-detection tool that lets you define simple rules as code and get rich alerts about events i…
  ☆51Nov 9, 2025Updated 3 months ago
• invictus-ir / aws-cheatsheet

  View on GitHub
  A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.
  ☆80Jan 6, 2026Updated last month
• tenable / hidden-services-revealer

  View on GitHub
  ☆40Aug 2, 2024Updated last year
• KatTraxler / gcpdocs

  View on GitHub
  Repository to archive GCP Documentation for local use
  ☆16Feb 11, 2025Updated last year
• huntresslabs / rogueapps

  View on GitHub
  When good OAuth apps go rogue. Documents observed OAuth application tradecraft
  ☆84Jan 30, 2026Updated last month
• DuneGroup / ice-axe

  View on GitHub
  ☆23Sep 20, 2024Updated last year
• offensive-actions / azure-storage-reverse-shell

  View on GitHub
  This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs
  ☆39Sep 25, 2024Updated last year
• ReversecLabs / IAMSpy

  View on GitHub
  ☆229Updated this week
• kpolley / PIIDetective

  View on GitHub
  PII detection platform, leveraging human-in-the-loop AI
  ☆54Nov 29, 2024Updated last year
• primeharbor / sensitive_iam_actions

  View on GitHub
  Crowdsourced list of sensitive IAM Actions
  ☆159Oct 29, 2024Updated last year
• HarshVaragiya / aws-redteam-kit

  View on GitHub
  A PoC to Simulate Ransomware Attack on AWS Environment
  ☆33Oct 14, 2024Updated last year
• adanalvarez / HoneyTrail

  View on GitHub
  Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. It utilizes a dedicated CloudTrail for pre…
  ☆51Nov 16, 2024Updated last year
• invictus-ir / KubeForenSys

  View on GitHub
  A Kubernetes Forensic Collection Framework for Azure Kubernetes Service
  ☆41Feb 9, 2026Updated 2 weeks ago
• DataDog / undocumented-aws-api-hunter

  View on GitHub
  A tool to uncover undocumented APIs from the AWS Console.
  ☆116Apr 29, 2025Updated 10 months ago
• NetSPI / gcpwn

  View on GitHub
  Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…
  ☆287May 16, 2025Updated 9 months ago
• The-DFIR-Report / Suricata-Rules

  View on GitHub
  ☆11Jun 12, 2023Updated 2 years ago
• hotnops / apeman

  View on GitHub
  AWS Attack Path Management Tool - Walking on the Moon
  ☆261Dec 5, 2024Updated last year
• okta / customer-detections

  View on GitHub
  A public collection of detections designed to detect threats associated with the Okta WIC Platform.
  ☆13Jan 5, 2026Updated last month
• orcasecurity-research / kte

  View on GitHub
  Test & Compare different Kubernetes security offerings on EKS, GKE and AKS
  ☆40Aug 29, 2024Updated last year
• 0x4D31 / detection-and-response-pipeline

  View on GitHub
  ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The …
  ☆289Feb 5, 2024Updated 2 years ago
• Resourcely-Inc / cloud-guardrails

  View on GitHub
  Open-source best practices for protecting a secure, sensible cloud platform
  ☆129Oct 25, 2024Updated last year
• Permiso-io-tools / CloudConsoleCartographer

  View on GitHub
  Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. Cl…
  ☆173May 16, 2024Updated last year
• sinsinology / CVE-2024-5009

  View on GitHub
  Exploit for CVE-2024-5009
  ☆13Jul 8, 2024Updated last year
• bilals12 / clusterfuck

  View on GitHub
  ☆42Nov 13, 2025Updated 3 months ago
• runreveal / sigmalite

  View on GitHub
  ☆52Dec 13, 2025Updated 2 months ago
• mrwadams / otx-mcp

  View on GitHub
  ☆20Apr 10, 2025Updated 10 months ago
• cado-security / cloudgrep

  View on GitHub
  cloudgrep is grep for cloud storage
  ☆326Feb 26, 2025Updated last year
• krdmnbrk / AttackRuleMap

  View on GitHub
  Mapping of open-source detection rules and atomic tests.
  ☆201Feb 16, 2026Updated last week
• Frichetten / aws-api-models

  View on GitHub
  A collection of documented and undocumented AWS API models
  ☆53Nov 21, 2025Updated 3 months ago
• saw-your-packet / CloudShovel

  View on GitHub
  A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…
  ☆113Nov 13, 2024Updated last year