Key features

Serverless and AWS-native

Our serverless solution seamlessly integrates with AWS Config, AWS CloudTrail, AWS Security Hub and Amazon GuardDuty.

Provision security sensors

Provision custom AWS Config and AWS EventBridge rules in exactly the accounts where you require them.

Tailor AWS Security Hub Standards

Manage the security standards of AWS Security Hub at the member-account level.


Filter Security Findings

Define policies that filter out accepted security findings; the filtering is automatically reflected in AWS Security Hub and Amazon GuardDuty.

More context information

Enrich relevant security findings with context information, such as account tags, for better post-processing.

Policy as Code

Manage all SEMPER features with a single Policy as Code repository.

In a nutshell…

Policy-based Security Sensor Distribution

SEMPER deploys and configures sensors in all your AWS accounts based on predefined policy sets that you can customize and extend. The sensors are built on the cloud-native services AWS Security Hub, AWS CloudTrail, AWS Config and Amazon GuardDuty. We continuously extend and optimize the policy sets to meet security best practices and compliance standards.


Policy-based Security Finding Processing

SEMPER collects all sensor events centrally and enriches them with important metadata such as source account tags, context from AWS Organizations and policy-based information. SEMPER can also suppress and filter false positives based on your predefined rules. The enriched findings are sent to an SNS topic and persisted in a CloudWatch Logs stream. From there you can either pass them to a third-party tool of your choice (Splunk, Logstash, AWS QuickSight, etc.) for further analysis, or go a step further and implement auto-remediation for certain findings.
