Paladin Cloud is an extensible, cloud security platform for developers. Join the community at https://discord.gg/xvCFD29Jj4
Home Page: https://paladincloud.io/
License: Apache License 2.0
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
[ec2-user@ip-10-0-0-89 installer]$ sudo python manager.py redeploy
############################################################
!!!!!!! WARNING !!!!!!!
############################################################
This system works with python version 3.5 or greater.
Please create virtualenv with python3 or upgrade python
[ec2-user@ip-10-0-0-89 installer]$ python --version
Python 2.7.18
In the admin section on the policy page, the first column needs to be changed from "Title" to "Policy".
We should update column two from "Asset" to "Asset Type" on that same page, as the listing is not individual assets.
In Dashboard -> Policy Compliance Overview
Additional details are missing
In Dashboard -> Asset Graph
Dashboard should only overlay Compliance Trend and Violation Trend, both as percentage.
On the Policy Violations Details page, rename Creation Date to Date Created, and add the timestamp of when it was created.
Installation fails with config value ENABLE_VULNERABILITY_FEATURE = False, which is the default one.
Install Paladincloud without changing the value of ENABLE_VULNERABILITY_FEATURE
Update the default value to ENABLE_VULNERABILITY_FEATURE = True, to pass the installation
Update the default value to ENABLE_VULNERABILITY_FEATURE = True, to pass the installation
I have enabled HTTPS for the ALB with a custom domain. I have allowed https to whole world for paladin security group that is attached to ALB. I am able to access the URL but failing to login.
Please suggest
Hi Team,
I am trying to add an azure account to local.py and trying to redeploy. But, unable to redeploy it. Please see the below error for reference.
I am using v1.5.2 release. Please help
How to upgrade the nginx version from 1.14.0 to a higher version once Paladin app is installed?
Is there a command supported by Paladin?
We are getting the below Vulnerability issue due to the nginx version.
"According to its Server response header, the installed version of nginx is 1.9.5 prior to
1.16.1 or 1.17.x prior to 1.17.3. It is, therefore, affected by multiple denial of service
vulnerabilities"
In Dashboard - Policy Compliance Tile-
Additional Details per Row -
Consistent Display Names - letter case is all over the place, spaces are not use consistently
ensure Cloud provider is always displayed consistently
Why is there an exempted AND IsAssetExempted filed? Remove one of them? Or explain
Compliance % should be "No Resources" if not measurable
Remove duplicate "compliance" field
organize the data with logically related fields near each other
After successful installation of version 2.0, unable to login using the user credentials created using Cognito. The login screen is stuck with the message "Please wait, while we fetch your access roles...".
I have followed all the exact steps mentioned in the installation document. Can someone let me know what am I missing here? Appreciate your help, thanks!
_Recommended instance type: t2.large (Minimum 8GB memory and 20GB disk space) or more.
t2.large comes with 25GB and we cannot create one with 20GB.
Launch an ec2 instance from the paladin AMI and change the volume to 20GB
Document should be updated with 25GB minimum disk space
Document should be updated with 25GB minimum disk space
inconsistent Asset type naming e.g. Securitypricings, Gkecluster, and Mysqlflexible.
Verify all Asset Types are Singular AND use their proper Display Name.
If you leave the UI open long enough for the session to expire, all pages in the UI continue to load, but all lists and dashboards are empty.
Looking at the browser console, all API calls are turning http status 401.
Stay logged into the UI long enough for your session to expire.
UI should redirect to login page on expired session to allow the user to login again.
UI does not alert you that your session is inactive. No errors or warnings on the page about loading data.
Failing at terraform stage.
Can't login in the app
Getting a "503 Service Temporary Unavailable" error when sending auth data to /api/auth/user/login
On the policy details page, the title "Creation On" needs renamed to "Date Created"
Screenshot: https://drive.google.com/file/d/1a6xMwMWccGLyH4jbRquU5RxegmKOEIJk/view
In Violations - search bar When trying to type something on the text input, it has to show Text cursor icon, instead its showing hand pointer icon
In Dashboard, Violations component - the Policy & asset numbers should be clickable and go to Policy list view and Asset list view
On the Policy page, the policies are listed under the heading of "Title" when they should be listed under "Policy".
Legend order should be:
Critical, High, Medium, Low, Total
I have enabled to monitor Azure Cloud in settings/local.py and also added respective service principle attributes (clientid, secretid, tenantid) with Reader permissions to the Azure resource group.
I am unable to view the Azure cloud data and either the data is collected from the Azure cloud.
Can someone please help?
The installer is failing during Step 8 of the Terraform plan.
debug.log tail shows
Error: aws_s3_object.lambda_submit_s3_upload_UploadLambdaSubmitJobZipFile: Provider doesn't support resource: aws_s3_object
error.log tail shows
Error: aws_s3_object.lambda_submit_s3_upload_UploadLambdaSubmitJobZipFile: Provider doesn't support resource: aws_s3_object
Launch the installer
Completed install
Install fails
Wrong message is passed after seeing the message 430 resources are getting deployed. Customers never have an idea that this includes the rules.
Install Paladincloud
Please update the message so that customers get an clear idea of how many aws resources are deployed. Separate the rules and aws resources.
Please update the message so that customers get an clear idea of how many aws resources are deployed. Separate the rules and aws resources.
I would like to be able to use tags as an abstraction layer to decide whether or not to disable policies for a given asset. This is very similar to #943 but applies to disabling policies rather than suppressing results for alerting and reporting purposes.
I many cases companies have used account boundaries for isolating compliance needs, while this is admirable it in many cases is not easily doable and its important for security tools to meet the customer where they are rather than tell them "well you should be here"...chances are they know and they wish they could isolate in such a manner. Rather than unreasonably asking folks to migrate their apps all over the place its more reasonable to ask owners of resources to tag their assets (ideally in automation). Lets empower folks to make light changes in their infrastructure and allow our exception model to be flexible.
Even if you have implemented โ๏ธ you may find the need to suppress results based on the needs of the individual resource. See the examples for further clarification.
Lets take some very basic guidelines such as "Never expose SSH/RDP to the world". Is this always true or is it ALMOST always true?
It would be preferable to to suppress these types of events with a tag of Service = (Bastion|VPN|...) while not turning off the visibility on other assets within the same account.
Often times we have mixed resources that have different security needs. For example you may find that tagging a resource such as RDS, S3, etc with some organizational standard tags could result in reduced noise.
If one tags a resource with (PCI|PHI|...)=(true|false) we can decide how to instruct the platform to activate, disable, or suppress various checks based on the frameworks at play. This becomes more important as we have shared resources in technologies such as k8s where there may be distinct node groups to address compliance needs within the same cluster while allowing flexibility for other use cases.
Display the ViolationID in the Policy Violations Detail UI
Could you please guide us to update the paladin cloud logo on portal with custom logo?
Despite the setup being complete, I cannot access the Paladin Cloud
I am exploring Paladin Cloud.
I followed the installation instructions provided in the following documentation -
https://github.com/PaladinCloud/CE/wiki/Installation
************************************************* OUTPUT ************************************************
MySQL Host: paladincloud-data.************.us-east-1.rds.amazonaws.com:3306
MySQL DB: pacmandata
DB Username: paladin
DB Password: ***********
ES Host: vpc-paladincloud-data-**************************.us-east-1.es.amazonaws.com
Kibana Host: vpc-paladincloud-data-**************************.us-east-1.es.amazonaws.com/_plugin/kibana/
Paladin Cloud URL: http://internal-paladincloud-**********.us-east-1.elb.amazonaws.com
Admin: [[email protected]](mailto:[email protected]) / PaladinAdmin!!
User: [[email protected]](mailto:[email protected]) / PaladinUser!!
*********************************************************************************************************
Note: Setting up SSL before the installation will save up to thirty minutes of time. Click here for the steps to set up SSL before installation.โ
Hyperlink for - Click here for the steps to set up SSL before installation is missing.
Event Log, sort by column is not working on Start Time and End Time columns
The Violations List View needs to have the Issue ID column renamed to Violation ID
404 Client Error: Not Found
We are getting the below error while installing Paladin app. Could you please help on this.
1 error occurred:
* null_resource.pacbot_app_ecr_APIDockerImageBuild: Error running command '/opt/CE-1.0.1/installer/data/terraform/scripts_and_files/scripts/create_docker_image_and_push_to_ecr.py': exit status 1. Output: Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/docker/client.py", line 170, in _raise_for_status
response.raise_for_status()
File "/usr/local/lib/python3.7/site-packages/requests/models.py", line 1021, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: http+docker://localunixsocket/v1.24/images/*********.dkr.ecr.us-west-1.amazonaws.com/paladincloud-microservices?force=True&noprune=False
Is it normal that when installing Paladin Cloud, the installer creates 7 m4.large instances?
I successfully installed Paladin Cloud, then I checked my EC2 instances and then I saw 7 new instances. Those are very expensive instances and I couldn't find any details about it in the Installation notes
When hovering over the "i" icon indicating a tooltip, it does not display. I was told the data is in the system, but it is not displaying.
This file holds the code for the tooltip HTML, but this seems like an issue with js.
Hover the cursor over the icon
A popup displaying information as a tooltip
Nothing happens
pick a mandatory tag policy - does not match our recommended mandatory tags definition
I would like to be able to use tags to create sticky exceptions.
I many cases companies have used account boundaries for isolating compliance needs, while this is admirable it in many cases is not easily doable and its important for security tools to meet the customer where they are rather than tell them "well you should be here"...chances are they know and they wish they could isolate in such a manner. Rather than unreasonably asking folks to migrate their apps all over the place its more reasonable to ask owners of resources to tag their assets (ideally in automation). Lets empower folks to make light changes in their infrastructure and allow our exception model to be flexible.
Even if you have implemented โ๏ธ you may find the need to suppress results based on the needs of the individual resource. See the examples for further clarification.
Lets take some very basic guidelines such as "Never expose SSH/RDP to the world". Is this always true or is it ALMOST always true?
It would be preferable to to suppress these types of events with a tag of Service = (Bastion|VPN|...) while not turning off the visibility on other assets within the same account.
Often times we have mixed resources that have different security needs. For example you may find that tagging a resource such as RDS, S3, etc with some organizational standard tags could result in reduced noise.
If one tags a resource with (PCI|PHI|...)=(true|false) we can decide how to instruct the platform to activate, disable, or suppress various checks based on the frameworks at play. This becomes more important as we have shared resources in technologies such as k8s where there may be distinct node groups to address compliance needs within the same cluster while allowing flexibility for other use cases.
On the Violations page, the filter "AccountName" should be named to "Account Name" (needs a space added)
The Policy Violations Details page should display each Mandatory Tag as name:value pair. If a Mandatory Tags is untagged, show name: with a clear visual indicating that the tag is not assigned.
Hi Team,
I followed the steps from the documentation to upgrade to 1.5.2 latest version but unable to redeploy.
Please see the below error
"Error occured in Terraform file generation. Resource: ReplaceSQLPlaceHolder"
Can someone please help
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.