Skip to main content

NIDS for AWS Security Hub - AWS FTR ✅

We’re happy to announce that our network security monitoring and analysis platform for AWS Security Hub has successfully completed the AWS Foundational Technical Review

This review, performed in collaboration between our engineering team and AWS, guarantees that the best practices are in place for users of the platform.

Adopting strong standards and best practices is key to all aspects of our development and we are happy with the recognition this review provides. 

If you’d like to know more about 3CORESec NIDS for AWS Security Hub, please consult the AWS Security Hubs partner page. Want to see just how easily you can be up and running analysing your network traffic? You'll be up and running in less than 2 minutes:

About 3CORESec NIDS for AWS Security Hub

3CORESec NIDS for AWS Security Hub is part of our NTA product lineup for cloud-native workloads. Some of its key features include:

  • Turn-key solution
  • Fully automated deployment
  • Minimal permissions or changes
  • Fully automated operation/management
  • Automatically enriches network data with cloud metadata
  • Interact with security findings directly in AWS Security Hub
  • Fully self-contained within an AWS account for critical operation workloads
  • 100% compatible with, our NIDS management SaaS platform
  • 100% compatible with 3CORESec Lateral, our lateral movement detection ruleset

3CORESec NIDS for AWS Security Hub - Partner Program

The unique aspect of our platform lies on the innovative middleware (codenamed Maze) that we developed to process network data and make it cloud-aware. Through our partner program this technology is made available to a small group of companies who want to make their products capable of processing network data and interacting with AWS Security Hub. 

If you’d like to know more or participate in the program, please contact us using the booking information below.

Book a demo!

Want to know more or see it in action? Learn the ins and outs of the platform by scheduling some time to talk with the developers and engineers who built it.  

You can also learn more about Lawmaker at and browse our detection capabilities marketplace at

Social Networks

Feel free to reach out to us on Twitter or consider joining our Community Slack

Popular posts from this blog

Community Update - 3CORESec Blacklist 📓 🍯

Recently we tweeted about some issues we had with 3CORESec Blacklist , a platform that shares - openly and freely - a subset of the information seen and processed by our honeypot network.  While those issues have been addressed, and seeing as significant changes were made to how we monitor the generation of the lists (which is reflected in our status page ) and how we determine if an IP should be listed as an offending IP or not, this felt like a good opportunity to write a bit more about the platform as well as the changes we made.   For regular users of Blacklist 📓 the first thing they’ll notice is an increase on the numbers of IPs we include. That is a direct result of the changes we made and the growth of the honeypot network itself. We have not - and will not - ever increase the period for which we query the honeypot network, as we believe anything higher than 24h (as specified in the project page) for IP addresses can quickly fall into a decaying state that adds little value

Detection as Code (DaC) challenges - Introducing Automata

This blog post is the second part of our Detection as Code (DaC) challenges series. You can read part one here . The development process of detections by itself doesn't pose a lot of barriers for security engineering teams, as they are typically done in a lab/controlled environment, but after tuning and deploying rules to a SIEM, the work is only starting. Many things can go wrong after this, and a process of continued and automated testing is crucial. Detection Validation In an ideal (and fictional) world, once the datasets are parsed, normalized, and put into production, detections developed by your team would work forever. Still, the reality is quite different. Maintenance is heavy work that needs to be done frequently - especially if you work on an MSP - but the reality is that the ecosystem lacks tooling and processes to do it proactively. Effectiveness is an important metric and crucial to the successful response of incidents in time, and effectiveness is what we aim to ensu

The undetectable way of exporting an AWS DynamoDB

In this post we'll go over how we found a limitation in the current AWS CloudTrail logging features that limit detection capabilities of possible abuse against AWS DynamoDB, in the event of the user's AWS IAM keys being compromised. The objective of this article is to make users aware of this limitation and discuss alternatives for increasing the detection of attacks that might abuse it. This information was shared initially with AWS and only after going through the disclosure process with their security team did we decide to write it. Introduction & Methodology  A big part of the work done for our MDR platform comes from adversary simulation. Even though a lot of effort is put into developing our detection capabilities against a known killchain , we're constantly looking for alternative ways of attacking AWS workloads, regardless if the techniques are seen being used in the wild or not. Our methodology for doing these simulations is quite straightforward. We sta