This repository contains various cloud logs containing attack data, intended for testing the detection capabilities of Suzaku.
The data is gathered from the following sources:
- Invictus-ir dataset: In August 2023, Invictus-ir did great research simulating 32 attacks against AWS with the Stratus Red Team tool in order to compare detections from Sigma, Athena and Splunk rules, and shared the resulting dataset.
- Flaws.cloud dataset: In 2020, Scott Piper from Summit Route made public the data from attacks against his free flaws.cloud training website. (Note that the IP addresses and account IDs have been anonymized as explained here.)
- SANS 504 S3 Ransomware Lab: This dataset comes from a simulated S3 ransomware scenario that was used in a previous lab. It is released with permission from course author Josh Wright.
- Stratus Red Team: A great project by Datadog that simulates cloud attacks. Logs are automatically generated by Grimoire and anonymized by LogLicker.
- Traildiscover.cloud: A great website that lists all of the AWS API calls used in attacks and provides sample JSON data for each.