Skip to main content
qrieqrie

Real-Time CSPM That Runs in Your AWS Account

Deploy in 15 minutes. Detect drift instantly via EventBridge, not slow batch scans. Your data never leaves your AWS environment.

By requesting access you agree to our privacy policy.

Real-time
EventBridge detection
Cost-effective
At any scale
Your AWS
Customer-deployed
15 minutes
To deploy
qrie dashboard showing security findings summary
qrie management view showing active policies and accounts
qrie findings explorer showing policy violations
qrie drift correction details showing scan metrics
Dashboard Overview
Real-time summary of findings, compliance status, and resource inventory

Why qrie

Real-Time Detection, Not Batch Scans

Unlike agent-based SaaS tools that poll every 4-24 hours, <span style='font-family: Quicksand, sans-serif; font-weight: 700;'>qrie</span> uses EventBridge to detect configuration drift instantly. No missed windows, no stale data.

Your Data Stays in Your Account

Runs entirely in your AWS account. No vendor SaaS access to your data. Ideal for teams with data residency requirements.

Transparent & Editable Policies

14 security policies across S3, EC2, IAM, and RDS—expanding to 38+. See every rule, edit parameters, and build your own. No black box algorithms.

Cost Comparison

Startup (3 accounts, 4K resources)
$7.2K/yr
vs. $30K+ with SaaS tools
Growth (15 accounts, 80K resources)
$96K/yr
vs. $300K+ with SaaS tools
Enterprise (50+ accounts)
Custom
Volume discounts, scales to 1000s

How it works

From deployment to continuous compliance in three steps

Step 01

Deploy

15 minutes

We provision a dedicated QOP account in your AWS environment. Your data never leaves your infrastructure.

Step 02

Connect

One-time setup

Run our onboarding script to forward CloudTrail events via EventBridge. No agents, no credentials shared.

Step 03

Monitor

Real-time

Security findings appear instantly as resources change. Review, remediate, and track compliance from your dashboard.

Policy Coverage

Comprehensive compliance frameworks with transparent, editable policies

Compliance Frameworks

CIS AWS Foundations Benchmark
11 policies implemented, expanding coverage
SOC 2 Common Controls
12 policies covering access & encryption
HIPAA Security Controls
12 policies for access, encryption & audit
CMMC, PCI-DSS & More
Expanding coverage based on customer needs

Security Policies

S3 Bucket Public Access
Detects S3 buckets allowing public read/write access
S3 Bucket Encryption
Ensures S3 buckets have encryption enabled
S3 Bucket Versioning
Verifies S3 bucket versioning is enabled
S3 Bucket MFA Delete
Ensures versioned buckets require MFA for deletion
S3 Bucket Logging
Verifies S3 access logging is enabled
Available Soon
IAM Root Account Usage
Detects root account activity
IAM User MFA Enforcement
Ensures all IAM users have MFA enabled
IAM Access Key Unused
Flags access keys unused for 90+ days
IAM Access Key Rotation
Ensures access keys are rotated regularly
IAM Overly Permissive Policies
Detects policies with wildcard permissions
IAM Public Policy Analyzer
Detects policies granting permissions to external accounts
Available Soon
EC2 Unencrypted EBS Volumes
Detects EC2 instances with unencrypted EBS volumes
Security Group Open to World
Flags security groups allowing 0.0.0.0/0 ingress
Security Group High-Risk Ports
Detects exposed SSH/RDP/database ports
Default Security Group Usage
Flags usage of default security groups
EBS Default Encryption
Ensures account-level EBS encryption is enabled
Available Soon
EC2 IMDSv1 Enabled
Detects instances vulnerable to SSRF attacks
Available Soon
EBS Snapshot Public
Detects publicly accessible EBS snapshots
Available Soon
AMI Public
Detects publicly accessible AMIs
Available Soon
RDS Public Access
Detects RDS instances accessible from the internet
RDS Backup Disabled
Ensures automated backups are enabled
Available Soon
RDS Encryption Disabled
Verifies RDS storage encryption is enabled
Available Soon
VPC Flow Logs Disabled
Ensures VPC flow logs are enabled
Available Soon
CloudTrail Logging Disabled
Ensures CloudTrail logging is enabled
CloudTrail Log Validation
Verifies log file validation is enabled
KMS Key Rotation Disabled
Ensures KMS key rotation is enabled
Lambda Function Public
Detects Lambda functions allowing public invocation
Lambda Environment Variables Unencrypted
Ensures environment variables are encrypted
Available Soon
CloudWatch Log Retention Insufficient
Ensures log retention is at least 90 days
Available Soon
Secrets Manager Rotation Disabled
Ensures secret rotation is configured
Available Soon
GuardDuty Disabled
Verifies GuardDuty threat detection is enabled
Available Soon
AWS Config Recorder Disabled
Ensures AWS Config recorder is enabled
Available Soon
ELB Access Logging Disabled
Verifies load balancer access logging is enabled
Available Soon
SNS Topic Public
Detects SNS topics allowing public subscriptions
Available Soon
SQS Queue Public
Detects SQS queues allowing public access
Available Soon
ECR Image Scanning Disabled
Ensures container image scanning is enabled
Available Soon
Elasticsearch Domain Public
Detects publicly accessible Elasticsearch domains
Available Soon
Redshift Cluster Public
Detects publicly accessible Redshift clusters
Available Soon
SSM Parameter Store Unencrypted
Ensures Parameter Store parameters are encryptedAvailable Soon

See qrie in action

Get a 15‑minute walkthrough and a sandbox environment.

We’ll never sell your data. Period.