Detect and Enrich Sysdig Alerts with Risky User with Greynoise and Deny User from AWS Console Login

This narrative begins by receiving Sysdig Cloudtrail alerts via notification integrations. Upon receiving an alert, the system retrieves user identity information from Sysdig, utilizing it to generate a risk score. Furthermore, the story conducts an IP lookup associated with the user to ascertain its reputation. In the event of a malicious IP address, the system autonomously implements a deny-all policy, effectively blocking the user from accessing the AWS console login.

Tools

AWS, GreyNoise, Sysdig

Community author

Manuel Boira at Sysdig

How it works

Import this story to your tenant, from where you can adapt it to meet your unique needs.

Import

Was this story helpful?

The product

Cases

What’s new

By team

Tines for

Discover

Learn

Support