{"id":18719498,"url":"https://github.com/center-for-threat-informed-defense/cloud-analytics","last_synced_at":"2026-01-25T11:05:42.026Z","repository":{"id":50192438,"uuid":"435489365","full_name":"center-for-threat-informed-defense/cloud-analytics","owner":"center-for-threat-informed-defense","description":"Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as well as a blueprint for how others can create and use cloud analytics effectively.","archived":false,"fork":false,"pushed_at":"2023-04-25T15:07:36.000Z","size":13459,"stargazers_count":53,"open_issues_count":1,"forks_count":9,"subscribers_count":81,"default_branch":"main","last_synced_at":"2025-05-19T14:17:40.654Z","etag":null,"topics":["analytics","cloud","cloud-computing","ctid","cyber-analytics","cyber-threat-intelligence","cybersecurity","mitre-attack"],"latest_commit_sha":null,"homepage":"https://ctid.mitre-engenuity.org/our-work/cloud-analytics/","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/center-for-threat-informed-defense.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"support/README.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-06T12:32:43.000Z","updated_at":"2025-03-03T05:15:39.000Z","dependencies_parsed_at":"2024-12-28T11:25:49.578Z","dependency_job_id":null,"html_url":"https://github.com/center-for-threat-informed-defense/cloud-analytics","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/center-for-threat-informed-defense/cloud-
analytics","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/center-for-threat-informed-defense%2Fcloud-analytics","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/center-for-threat-informed-defense%2Fcloud-analytics/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/center-for-threat-informed-defense%2Fcloud-analytics/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/center-for-threat-informed-defense%2Fcloud-analytics/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/center-for-threat-informed-defense","download_url":"https://codeload.github.com/center-for-threat-informed-defense/cloud-analytics/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/center-for-threat-informed-defense%2Fcloud-analytics/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28752487,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T10:25:12.305Z","status":"ssl_error","status_checked_at":"2026-01-25T10:25:11.933Z","response_time":113,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analytics","cloud","cloud-computing","ctid","cyber-analytics","cyber-threat-intelligence","cybersecurity","mitre-attack"],"created_at":"2024-11-07T13:26:19.765Z","updated_at":"2026-01-25T11:05:42.009Z","avatar_url":"https://github.com/center-for-threat-informed-defense.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cloud Analytics\n\nThis Cloud Analytics project researched and developed best practices to help defenders improve their ability to detect adversary behaviors in today's complex cloud environments. This repository contains behavioral analytics to detect attacks on cloud platforms and a blueprint for how others can create and use cloud analytics effectively.\n\n## Resources\n\n| Resource | Description |\n|----------|-------------|\n| [Blueprint Document](/docs/Cloud_Analytics_Development_Blueprint.pdf) | Best practices and lessons learned for developing cloud analytics. |\n| [Analytics](/analytics/) | Analytics generated in Sigma format for the project. |\n| [CALDERA Emulation Tips](/emulation/) | Documentation on reproducing adversary emulation using Caldera. |\n| [Sigma Rule Information](/docs/) | Documentation on using Sigma rules in relation to Cloud Analytics. |\n| [Support Resources](/support/) | Resources not part of final deliverable, but potentially useful. 
|\n\n## Questions and Feedback\n\nPlease submit issues for any technical questions/concerns or contact ctid@mitre-engenuity.org directly for more general inquiries.\n\nAlso see the guidance for contributors if you are interested in contributing or simply reporting issues.\n\n## Notice\n\nCopyright 2022 MITRE Engenuity. Approved for public release. Document number CT0053\n\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use this file except in compliance with the License. You may obtain a copy of the License at\n\n\u003chttp://www.apache.org/licenses/LICENSE-2.0\u003e\n\nUnless required by applicable law or agreed to in writing, software distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.\n\nThis project makes use of ATT\u0026CK®\n\n[ATT\u0026CK Terms of Use](https://attack.mitre.org/resources/terms-of-use/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcenter-for-threat-informed-defense%2Fcloud-analytics","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcenter-for-threat-informed-defense%2Fcloud-analytics","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcenter-for-threat-informed-defense%2Fcloud-analytics/lists"}