AWS IReveal
Provides a unified interface to AWS services, enabling security teams and incident responders to investigate and analyze security incidents within their AWS environment.
About
AWS IReveal is a Model Context Protocol (MCP) server that empowers security teams and incident responders with a centralized interface to various AWS services crucial for investigation. By integrating with an MCP client like Claude Desktop, it facilitates seamless querying and analysis across CloudTrail, Amazon Athena, CloudWatch, Amazon GuardDuty, AWS Config, VPC Flow Logs, Network Access Analyzer, and IAM Access Analyzer, all within your LLM-driven workspace. This consolidation streamlines incident response workflows and enables faster, more comprehensive analysis of security events within your AWS infrastructure.
Key Features
- Integrates with CloudTrail to analyze API activity logs.
- Enables SQL queries over CloudTrail logs via Amazon Athena.
- Supports operational log search and visualization through CloudWatch and VPC Flow Logs.
- Surfaces security alerts from Amazon GuardDuty and IAM Access Analyzer.
- Allows verification of network reachability and configuration using Network Access Analyzer.
Use Cases
- Propose remediations for GuardDuty findings based on risk level.
- Analyze activity by IP address or role to identify suspicious behavior.
- Investigate CloudWatch logs related to specific AWS services.