This story starts when a Sysdig CloudTrail alert arrives through a notification integration. On receiving an alert, it retrieves the user's identity information from Sysdig and uses it to generate a risk score. It also looks up the IP address associated with the user to determine its reputation. If the IP address is malicious, the story automatically applies a deny-all policy, blocking the user from accessing the AWS console login.
Manuel Boira at Sysdig
How it works
Import this story into your tenant, where you can adapt it to meet your unique needs.