CloudGrappler: A powerful open-source threat detection tool for cloud evironments


CloudGrappler is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure.

Key Features

Threat Actor Querying

CloudGrappler specializes in querying for activity demonstrated by some of the most notorious threat actors in the cloud. Based on subset activity from Permiso’s library of hundreds of detections, It helps organizations detect threats targeting their cloud infrastructure.

Single-Event Detections

This open-source tool excels in detecting and analyzing single events and offers a granular view of potential security incidents lurking in your AWS and Azure environments. This gives security teams the ability to identify specific anomalies quickly and easily.

Integration with cloudgrep

Leveraging the robust capabilities of cloudgrep, CloudGrappler enhances its threat detection by incorporating a set of TTPs observed in the modern threat landscape and actual cloud environments.


To optimize your utilization of CloudGrappler, we recommend using shorter time ranges when querying for results. This approach enhances efficiency and accelerates the retrieval of information, ensuring a more seamless experience with the tool.

Install & Tutorial

Copyright (C) 2024 Permiso-io-tools