Alternatives and similar repositories for aws-incident-response

Users that are interested in aws-incident-response are comparing it to the libraries listed below

• duo-labs / cloudtrail-partitioner

  View on GitHub
  ☆157Jul 8, 2023Updated 2 years ago
• aws-samples / aws-incident-response-playbooks

  View on GitHub
  ☆1,049Aug 22, 2025Updated 5 months ago
• zmallen / cloudtrail2sightings

  View on GitHub
  Convert cloudtrail data to MITRE ATT&CK Sightings
  ☆82Jul 25, 2022Updated 3 years ago
• invictus-ir / Sigma-AWS

  View on GitHub
  This repository contains the research and components of our research into using Sigma for AWS Incident Response.
  ☆31Jul 12, 2023Updated 2 years ago
• adanalvarez / TrailDiscover

  View on GitHub
  An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…
  ☆172Feb 8, 2026Updated last week
• duo-labs / cloudtracker

  View on GitHub
  CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  ☆907Dec 17, 2021Updated 4 years ago
• SummitRoute / aws_exposable_resources

  View on GitHub
  Resource types that can be publicly exposed on AWS
  ☆329Feb 23, 2022Updated 3 years ago
• ReversecLabs / leonidas

  View on GitHub
  Automated Attack Simulation in the Cloud, complete with detection use cases.
  ☆603Nov 28, 2024Updated last year
• salesforce / cloudsplaining

  View on GitHub
  Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized repo…
  ☆2,180Feb 8, 2026Updated last week
• joshlarsen / aws-recon

  View on GitHub
  Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
  ☆554Jul 13, 2025Updated 7 months ago
• tenable / access-undenied-aws

  View on GitHub
  Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps. Open-s…
  ☆266Jan 26, 2023Updated 3 years ago
• amrandazz / attack-guardduty-navigator

  View on GitHub
  A MITRE ATT&CK Navigator export for AWS GuardDuty Findings
  ☆139Jul 23, 2021Updated 4 years ago
• nccgroup / PMapper

  View on GitHub
  A tool for quickly evaluating IAM permissions in AWS.
  ☆1,539Aug 2, 2024Updated last year
• willbengtson / trailblazer-aws

  View on GitHub
  Blazing CloudTrail since 2018
  ☆138Jan 27, 2019Updated 7 years ago
• Netflix-Skunkworks / aws-credential-compromise-detection

  View on GitHub
  Example detection of compromise credentials in AWS
  ☆122Aug 6, 2018Updated 7 years ago
• flosell / trailscraper

  View on GitHub
  A command-line tool to get valuable information out of AWS CloudTrail
  ☆830Updated this week
• ramimac / aws-customer-security-incidents

  View on GitHub
  A repository of breaches of AWS customers
  ☆794Jan 24, 2026Updated 3 weeks ago
• google / cloud-forensics-utils

  View on GitHub
  Python library to carry out DFIR analysis on the Cloud
  ☆499Oct 8, 2025Updated 4 months ago
• Netflix-Skunkworks / cloudtrail-anomaly

  View on GitHub
  ☆83Dec 5, 2019Updated 6 years ago
• awslabs / aws-security-analytics-bootstrap

  View on GitHub
  AWS Security Analytics Bootstrap enables customers to perform security investigations on AWS service logs by providing an Amazon Athena a…
  ☆270Updated this week
• awslabs / aws-automated-incident-response-and-forensics

  View on GitHub
  ☆401Sep 25, 2023Updated 2 years ago
• salesforce / aws-allowlister

  View on GitHub
  Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frame…
  ☆224Aug 11, 2023Updated 2 years ago
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,252Feb 6, 2026Updated last week
• duo-labs / parliament

  View on GitHub
  AWS IAM linting library
  ☆1,109Jan 7, 2026Updated last month
• ReversecLabs / awspx

  View on GitHub
  A graph-based tool for visualizing effective access and resource relationships in AWS environments.
  ☆994Oct 4, 2022Updated 3 years ago
• zoph-io / MAMIP

  View on GitHub
  Monitor AWS Managed IAM Policies Changes
  ☆493Feb 9, 2026Updated last week
• jonrau1 / ElectricEye

  View on GitHub
  ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring su…
  ☆1,034Feb 9, 2026Updated last week
• ThreatResponse / aws_ir

  View on GitHub
  Python installable command line utiltity for mitigation of host and key compromises.
  ☆347Jul 23, 2021Updated 4 years ago
• andrewkrug / fargate-ir

  View on GitHub
  Proof of concept incident response demo using SSM and AWS Fargate.
  ☆14Dec 5, 2019Updated 6 years ago
• SecurityRunners / cloud-exposure-catalog

  View on GitHub
  A catalog of services that can be publicly exposed within different cloud providers.
  ☆14Aug 30, 2024Updated last year
• awslabs / aws-security-automation

  View on GitHub
  Collection of scripts and resources for DevSecOps and Automated Incident Response Security
  ☆635Jan 14, 2026Updated last month
• awslabs / aws-cloudsaga

  View on GitHub
  AWS CloudSaga - Simulate security events in AWS
  ☆472Updated this week
• salesforce / policy_sentry

  View on GitHub
  IAM Least Privilege Policy Generator
  ☆2,138Feb 8, 2026Updated last week
• ReversecLabs / IAMSpy

  View on GitHub
  ☆228Jan 29, 2026Updated 2 weeks ago
• alsmola / cloudtrail-parquet-glue

  View on GitHub
  Glue workflow to convert CloudTrail logs to Athena-friendly Parquet format
  ☆48Apr 25, 2024Updated last year
• panther-labs / panther-analysis

  View on GitHub
  Built-in Panther detection rules and policies
  ☆439Updated this week
• primeharbor / sensitive_iam_actions

  View on GitHub
  Crowdsourced list of sensitive IAM Actions
  ☆159Oct 29, 2024Updated last year
• disruptops / resource-counter

  View on GitHub
  This command line tool counts the number of resources in different categories across Amazon regions.
  ☆59Dec 17, 2019Updated 6 years ago
• andrewkrug / securing-the-cloud-supplemental

  View on GitHub
  Supplemental templates for securing the cloud.
  ☆37Apr 1, 2025Updated 10 months ago