Cado is a cloud investigation platform designed to simplify and accelerate forensic investigations across multi-cloud and hybrid environments. By automating data capture and providing unified visibility, Cado enables security teams to focus on understanding incidents and mitigating threats efficiently.
Affected: AWS, Azure, GCP
Key points:
- Cado streamlines forensic investigations by automating data capture from various platforms.
- It supports data collection from AWS EC2 instances and Tanium for endpoint data.
- Cado provides a unified view of data across multi-cloud and hybrid environments.
- The platform captures forensic data from containers and serverless functions.
- AI-driven analytics help identify indicators of compromise and streamline analysis.
- Security teams can respond faster by focusing on understanding threats rather than manual data gathering.
MITRE Techniques:
- TA0001 – Initial Access: Cado collects data from various entry points across cloud platforms.
- TA0002 – Execution: Automated data capture from containers and serverless functions ensures timely acquisition of evidence.
- TA0007 – Discovery: Cado normalizes data across environments, allowing for quick correlation of events.
- TA0009 – Collection: The platform automates the gathering of logs, memory dumps, and disk images.
- TA0011 – Command and Control: Cado enables tracking of attacker movement across multi-cloud environments.
Indicators of Compromise:
- [domain] example.aws.com
- [url] example.azure.com/resource
- [ip address] 192.0.2.1
- [file name] suspicious_file.exe
- [tool name] Tanium
- Check the article for all found IoCs.
Full Research: https://www.cadosecurity.com/blog/from-data-capture-to-analysis-how-cado-simplifies-cloud-investigations