Ben Pruce

Results 4 issues of Ben Pruce

You may consider modifying this structure to allow for running with master and member orgs all funneling GuardDuty alerts to the master, which can then be hooked into Slack. Example...

```
"message_template": "`{context.artifacts.event.details.username}` logged in from `{context.results.Geolocate_IP.country_name}` at coordinates `{context.results.Geolocate_IP.latitude}`, `{context.results.Geolocate_IP.longitude}`"
```

should be

```
"message_template": "`{context.artifacts.event.details.username}` logged in from `{context.results.Geolocate_IP.country}` at coordinates `{context.results.Geolocate_IP.latitude}`, `{context.results.Geolocate_IP.longitude}`"
```

https://twilio-labs.github.io/socless/your-first-endpoint/

"At the bottom of the file, let’s configure a lambda function that:" - is a bit confusing when going through the demo and can lead to improperly updating...

The DynamoDB tables supporting SOCless should be encrypted at rest by default.

* socless_dedup
* socless_playbooks
* socless_execution_results
* socless_message_responses
* socless_custom_mappings
* socless_events

Same for S3:

* socless-dev/prod-soclesslogs
*...