Incident Pony is a first of its kind case management and Incident Response orchestration tool specifically designed for AWS.

With today's threat model, large cloud infrastructures require automation. Incident Pony leverages the strengths of the cloud to protect your business.


  • Respond Quickly, and Efficiently
  • Centralized Case Management
  • Easy Cross-Account Setup

Incident Response

  • Custom incident plans
  • Import from CSV
  • Timeline analysis
  • Reduced Time to Triage ( TTR )
  • Reduced Time to Containment ( TTC )
  • Reduced errors through automation

Easy Setup

  • Cross-account access
  • Multi-factor authentication
  • Federated authentication
  • Fine grain privilege settings

Case Management

  • "One Place" AWS incident management
  • Straight-forward case management
  • Progress tracking and log capture
  • Asset storage with custody chains
  • Casefile lifecycle management

Open source

ThreatResponse Toolkit

Incident Pony’s core feature set is open source by design.

Look for updates from the ThreatResponse project as it grows.