Blog

Let’s dive in to our first attack scenario together: CDRGoat Scenario 2. This scenario demonstrates how a simple but popular web application vulnerability, SSRF, can escalate into complete AWS account compromise. We'll walk through a realistic attack chain that leverages common cloud misconfigurations rather than obvious security flaws.

Get started with Stream's CDRGoat! This post will walk through how to set up your environment, run your first scenario and start gaining value from the detections it generates.

Stream's CDRGoat is an open-source project that lets SecOps teams safely validate detections and investigations against realistic cloud attack paths. Each scenario, developed by Stream’s Security Research and Product teams, includes vulnerable infrastructure and walks through a guided live attack to show exactly how adversaries exploit cloud environments in practice.

Stream now integrates with Salesforce for advanced threat detection. The integration provides in-depth detection capabilities that will help you catch Salesforce breaches in real time, including the recent Salesloft Drift compromise.

For large-scale cloud environments, the math is simple. When detections depend on stale data, triage is manual, and investigations are fragmented, even the best teams fall behind. Stream’s platform gives SecOps teams complete cloud visibility in real-time, with built-in automations and AI tooling that make investigations easy.

Stream now integrates Snowflake audit logs directly into our SaaS and cloud detection framework. By including Snowflake activity as part of SaaS-sourced signals, we give SecOps teams complete visibility into how threats unfold across the chain of services connected to the cloud. This unified view closes the gaps that attackers target to ensure Snowflake is protected not just in isolation, but as part of the bigger cloud story.

Stream’s MCP offering is live. For the first time, you can interact directly with your CloudTwin using natural language, and embed those conversations into your workflows, automation, or AI tools.

Today, we’re excited to roll out our SaaS-sourced threat detections, built to give SecOps teams complete visibility across the services powering their cloud. Stream’s SaaS detections extend our end-to-end visibility beyond all cloud layers to include SaaS as part of our commitment to delivering full-spectrum coverage in a single platform.