zoph-io / aws-security-survival-kit
Bare minimum AWS Security Alerting and Configuration
Home Page: https://bio.link/zoph
License: GNU General Public License v3.0
Alarm on IMDSv1 Instances RunInstances
"metadataOptions": {
    "state": "pending",
    "httpTokens": "optional",
    "httpPutResponseHopLimit": 1,
    "httpEndpoint": "enabled",
    "httpProtocolIpv4": "enabled",
    "httpProtocolIpv6": "disabled",
    "instanceMetadataTags": "disabled"
},
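A sketch of the detection this issue asks for, as an added example that is not code from the kit or from the issue author: it scans CloudTrail records for RunInstances calls whose instances still accept IMDSv1 (httpTokens set to "optional" with the metadata endpoint enabled). The sample events are constructed, the function names are hypothetical, and the nesting of metadataOptions under responseElements.instancesSet.items is an assumption about where the fragment above sits in the event.

```python
import json

# Constructed CloudTrail records (not real logs). Placing metadataOptions under
# responseElements.instancesSet.items is an assumption about the event layout.
SAMPLE_EVENTS = [
    {"eventName": "RunInstances", "recipientAccountId": "111111111111",
     "awsRegion": "eu-west-1",
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0aaaaaaaaaaaaaaa1",
          "metadataOptions": {"httpTokens": "optional", "httpEndpoint": "enabled"}},
         {"instanceId": "i-0aaaaaaaaaaaaaaa2",
          "metadataOptions": {"httpTokens": "required", "httpEndpoint": "enabled"}},
         # Metadata endpoint switched off: httpTokens no longer matters.
         {"instanceId": "i-0aaaaaaaaaaaaaaa3",
          "metadataOptions": {"httpTokens": "optional", "httpEndpoint": "disabled"}},
     ]}}},
    # Failed launch: CloudTrail records an errorCode and null responseElements.
    {"eventName": "RunInstances", "recipientAccountId": "111111111111",
     "awsRegion": "eu-west-1", "errorCode": "Client.UnauthorizedOperation",
     "responseElements": None},
    {"eventName": "DescribeInstances", "responseElements": None},
]

def imdsv1_instances(event):
    """Return IDs of instances launched by this event that still allow IMDSv1."""
    if event.get("eventName") != "RunInstances" or event.get("errorCode"):
        return []
    response = event.get("responseElements") or {}
    items = (response.get("instancesSet") or {}).get("items") or []
    flagged = []
    for item in items:
        opts = item.get("metadataOptions") or {}
        tokens_optional = opts.get("httpTokens") == "optional"
        endpoint_on = opts.get("httpEndpoint", "enabled") == "enabled"
        if tokens_optional and endpoint_on:
            flagged.append(item.get("instanceId", "unknown"))
    return flagged

def scan(events):
    """Flatten per-event results into one finding per instance."""
    return [{"account": ev.get("recipientAccountId"),
             "region": ev.get("awsRegion"),
             "instanceId": iid}
            for ev in events for iid in imdsv1_instances(ev)]

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_EVENTS), indent=2))
```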
Provided by @christophelimpalair : https://github.com/4n6ir/expediate
The project sounds similar to what we are doing, sadly archived by the author (@jblukach / @4n6ir).
New detections based on this paper
Work on a better CloudWatch Dashboarding capability.
The idea is to be able to enable/disable some of the basic features of this kit.
For example, you don't want to enable the alerting when someone is triggering sts get-caller-identity to avoid alert fatigue.
Consolidate in a CW Dashboard some useful metrics and findings like the CloudWatch Insight logs of "AccessDenied" to easily find and understand what is going wrong.
I am not the best at navigating CloudTrail, but I am usually able to find things. However, after installing this excellent set of cloudfront scripts, I am getting notifications every so often that there is an unauthorized api call and I can't find them. Any assistance? Thank you again for creating this kit.
Add the native support of Slack and Microsoft Teams using AWS Chatbot.
Hi,
The CTLogGroupName variable needs to point to an already existing Log Group created in CloudWatch. If the log group is not created the following errors are reported in CloudFormation:
If the log group is created, the kit works like a charm!
Can you also add the log group creation to the CloudFormation template? I recommend setting a 1-week retention to avoid surprise costs, or having the retention defined as a variable in your Makefile.
Thanks for the work!
Create a version which supports multi-account setups (AWS Organizations).
It should:
Rationale:
Please consider defining a license, I would like to use this in line with your wishes. Thanks.