Frequently Asked Questions

Cloud Snitch is a web-based tool with one simple goal: to make it easy for you to understand what is happening in your AWS accounts. Inspired by the incredible Little Snitch app for macOS, Cloud Snitch gives you an easy to digest, visual representation of the activities of your team, services, and anyone or anything else that may be accessing your accounts.

Whether your goal is diagnostics, intrusion detection, or just plain curiosity, you're guaranteed to learn something new about your cloud with Cloud Snitch.

Cloud Snitch is developed by Paragon Cybersecurity, an LLC owned by tech and security enthusiast Chris Brown. Feel free to connect with me on LinkedInor follow me on GitHub. For inquiries about Cloud Snitch, you can also contact us directly.

Absolutely! Cloud Snitch requires minimal, read-only access to your AWS account. It will securely ingest CloudTrail entries and use them only for the purposes of providing service to you. You will not need to share any sensitive credentials with us, and we'll never share your data with anyone else. In fact, we won't even look at your data unless it is strictly necessary to support you.

If you'd like to take a look at the exact permissions we require, you can read through the CloudFormation template we provide for setting up integrations. Once you get started, you can also use Cloud Snitch to monitor Cloud Snitch itself!

Still not sure? Cloud Snitch is 100% open source, so everything is out in the open and auditable by the community.

Yes, Cloud Snitch is currently only available for AWS. If you are interested in seeing support for other clouds, please contact us and let us know!

Cloud Snitch ingests data from your AWS account daily. Real-time monitoring may be provided in the future, but Cloud Snitch is generally expected to complement other real-time monitoring and alerting solutions by giving you additional diagnostic capabilities and insights that you can use to respond to incidents or proactively identify blind spots in your monitoring.

If you have reason to believe that your AWS account has been compromised, you should take immediate action by engaging in a cycle of "containment", "eradication", "recovery", and "analysis" activities as outlined by the standard NIST incident response cycle.

This should always begin with contacting AWS support immediately.

AWS provides a number of resources to help you understand what activities should be included in your incident response cycle. For example, they publish the AWS Security Incident Response Guide and templates for security playbooks in GitHub. We recommend reviewing these resources before you encounter an incident so you can develop your own playbooks for incident response ahead of time.