AlertResponder is an automatic security alert response framework by AWS Server less Application Model. It is a server less framework for automatic response of security alert.
Overview
AlertResponder receives an alert that is event of interest from security view point and responses the alert automatically. AlertResponder has 3 parts of automatic response.
Also Read – Grouper2 : To Find Vulnerabilities In AD Group Policy
Concept
Please replace following variables according to your environment:
$REGION
: Replace it with your AWS region. (e.g. ap-northeast-1)$STACK_NAME
: Replace it with CloudFormation stack name$ curl -o alert_responder.yml https://s3-$REGION.amazonaws.com/cfn-assets.$REGION/AlertResponder/templates/latest.yml
$ aws cloudformation deploy –template-file alert_responder.yml –stack-name $STACK_NAME –capabilities CAPABILITY_IAM
Prerequisite
Deploy own AlertResponder stack
Prepare a parameter file, e.g. config.json
and run make command.
$ cat config.json
{
“StackName”: “your-alert-responder-name”,
“TestStackName”: “your-test-stack-name”,
“CodeS3Bucket”: “your-some-bucket”,
“CodeS3Prefix”: “for-example-functions”,
“InspectionDelay”: “1”,
“ReviewDelay”: “10”
}
$ env AR_CONFIG=config.json make deploy
Deploy a test stack
After deploying AlertResponder, move to under tester
directory and deploy a stack for testing.
$ cd tester/
$ make AR_CONFIG=../config.json deploy
You can see param.json
that is created by script under tester
directory after deploying.
$ cat params.json
{
“AccountId”: “214219211678”,
“Region”: “ap-northeast-1”,
“Inspector”: “slam-alert-responder-test-functions-Inspector-1OBGU89CT1P4B”,
“Reporter”: “slam-alert-responder-test-functions-Reporter-1NDHU0VDI8OPA”
}
Then, back to top level directory of the git repository and you can run integration test.
$ go test -v
=== RUN TestInvokeBySns
— PASS: TestInvokeBySns (3.39s)
(snip)
PASS
ok github.com/m-mizutani/AlertResponder 20.110s
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…