Skip to content
Get a Demo
    curve design on left cloud image

    New Features in Cloudgrep: Yara Rules, JSON Output and Log Parsing

    We’ve recently added some new functionality to cloudgrep, the open source tool to search logs in cloud storage. This includes some fantstic contributions from the community too.

    1. Scanning with Yara Rules

    You can now run Yara rules with CloudGrep, like so:

    cloudgrep -b my-bucket -y path/to/yara_rules_file.yar

    In this example, -b my-bucket specifies the AWS S3 bucket to search, -y path/to/yara_rules_file.yar points to the file containing Yara rules. This is useful for scanning binary files in cloudstorage for malware and other patterns.

    2. Output in JSON Format

    You can now output any matches in JSON format, making it easier to integrate cloudgrep with other tooling and data-pipelines:

    cloudgrep -b my-bucket -q "search query" -jo > output.json

    Here, -b my-bucket specifies the bucket, -q "search query" is the search query, and -jo (or –json_output) enables JSON output, storing the output in the file “output.json”.

    Many thanks to Daniel Bohannon and Andi from Permiso for this additional functionality.

    3. Parsing Custom Format Logs

    CloudGrep now supports parsing custom format logs, such as CloudTrail logs.

    Command-Line Example: -b my-bucket -q "search query" -lt cloudtrail

    This command searches in my-bucket, where -q "search query" is the query, -lt (or –log_type) cloudtrail tells cloudgrep to parse the matching files as cloudtrail.

    Many thanks to Daniel Bohannon and Andi from Permiso for this additional functionality too.

    Let us know

    Let us know if you have any questions on any of the new features, and we’d love to see any more community contributions.

    You can grab the latest release of cloudgrep at

    Tag(s): Product Updates

    More from the blog

    View All Posts