Asi implementing-cloud-workload-protection
install
source · Clone the upstream repo
git clone https://github.com/plurigrid/asi
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/plurigrid/asi "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/asi/skills/implementing-cloud-workload-protection" ~/.claude/skills/plurigrid-asi-implementing-cloud-workload-protection && rm -rf "$T"
manifest:
plugins/asi/skills/implementing-cloud-workload-protection/SKILL.mdsource content
Implementing Cloud Workload Protection
When to Use
- When deploying or configuring implementing cloud workload protection capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
Prerequisites
- Familiarity with cloud security concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities
Instructions
Monitor cloud workloads for runtime threats by checking process lists, network connections, file integrity, and resource utilization anomalies.
import boto3 ssm = boto3.client("ssm") # Run command on EC2 instances to check for suspicious processes response = ssm.send_command( InstanceIds=["i-1234567890abcdef0"], DocumentName="AWS-RunShellScript", Parameters={"commands": ["ps aux | grep -E 'xmrig|minerd|cryptonight'"]}, )
Key protection areas:
- Process monitoring for cryptominers and reverse shells
- File integrity monitoring on critical system files
- Network connection auditing for C2 callbacks
- Resource utilization anomaly detection (CPU spikes)
- Unauthorized binary detection via hash comparison
Examples
# Check for unauthorized outbound connections ssm.send_command( InstanceIds=instances, DocumentName="AWS-RunShellScript", Parameters={"commands": ["ss -tlnp | grep ESTABLISHED"]}, )