Wow, thanks for the mention alongside such a solid list of tools.
I'm the author of Grapl and I'd be happy to answer any questions. Grapl's under active development (I'm working full time on it, and others are joining), and there's lots of exciting stuff on the way.
> Grapl looks quite interesting though the lack of documentation is a stumbling block.
Totally. I intend to change this once things stabilize - right now the docs would be changing so fast that I'd be spending all of my time updating them (though things are slowing down a lot).
> Is the primary Grapl use case AWS log analysis? Or, can it be setup and run for an on-prem linux system?
Grapl runs in AWS, but it can analyze any log that it can parse - currently that's just sysmon, or anything that fits into its generic (and unstable) format. There will be an AWS plugin in the future that will allow you to send various AWS sourcetypes, as well as various Linux-oriented plugins, such as for audit or osquery.
> Could it also be set up to analyze logs from several VMs (e.g. running win/ubuntu-server/debian)?
Absolutely.
> More detailed deployment instructions for a variety of scenarios (installation and usage) would be helpful!
Noted - this is going to be a top priority very soon.
In a similar vein of event-based response and remediate/report/notify, but more in a compliance/governance-as-code style: https://github.com/cloud-custodian/cloud-custodian (~2.7k stars, 240 contributors). Disclaimer: I'm a maintainer. Bonus: it works on several clouds (AWS, Azure, GCP).
It hardly feels sneaky... it's right on their blog. And they list a lot of projects alongside theirs. And their product is built off a popular open source D&R system.
It absolutely is, but if all ads provided value like this and inserted their sell at the end... I wouldn't mind at all. Though maybe adding a disclaimer saying 'in case you didn't check the domain... we're Panther and this is what we do' or so might be more encouraging.
We will definitely add a disclaimer like this in the future! Thanks for the feedback. We really wanted to highlight these security tools that have added so much value to us in the past as practitioners.
Cloud-native refers to running software by utilizing the services offered by cloud service providers (like AWS), versus running it on physical/virtual servers that must be managed. This application is also open source and available on GitHub as a free application.