AlertResponder is an automatic security alert response framework by AWS Server less Application Model. It is a server less framework for automatic response of security alert.
Overview
AlertResponder receives an alert that is event of interest from security view point and responses the alert automatically. AlertResponder has 3 parts of automatic response.
Also Read – Grouper2 : To Find Vulnerabilities In AD Group Policy
Concept
Please replace following variables according to your environment:
$REGION
: Replace it with your AWS region. (e.g. ap-northeast-1)$STACK_NAME
: Replace it with CloudFormation stack name$ curl -o alert_responder.yml https://s3-$REGION.amazonaws.com/cfn-assets.$REGION/AlertResponder/templates/latest.yml
$ aws cloudformation deploy –template-file alert_responder.yml –stack-name $STACK_NAME –capabilities CAPABILITY_IAM
Prerequisite
Deploy own AlertResponder stack
Prepare a parameter file, e.g. config.json
and run make command.
$ cat config.json
{
“StackName”: “your-alert-responder-name”,
“TestStackName”: “your-test-stack-name”,
“CodeS3Bucket”: “your-some-bucket”,
“CodeS3Prefix”: “for-example-functions”,
“InspectionDelay”: “1”,
“ReviewDelay”: “10”
}
$ env AR_CONFIG=config.json make deploy
Deploy a test stack
After deploying AlertResponder, move to under tester
directory and deploy a stack for testing.
$ cd tester/
$ make AR_CONFIG=../config.json deploy
You can see param.json
that is created by script under tester
directory after deploying.
$ cat params.json
{
“AccountId”: “214219211678”,
“Region”: “ap-northeast-1”,
“Inspector”: “slam-alert-responder-test-functions-Inspector-1OBGU89CT1P4B”,
“Reporter”: “slam-alert-responder-test-functions-Reporter-1NDHU0VDI8OPA”
}
Then, back to top level directory of the git repository and you can run integration test.
$ go test -v
=== RUN TestInvokeBySns
— PASS: TestInvokeBySns (3.39s)
(snip)
PASS
ok github.com/m-mizutani/AlertResponder 20.110s
When you write a Bash script in Linux, you want it to run correctly every…
Introduction If you’re new to Bash scripting, one of the first skills you’ll need is…
What is Bash Scripting? Bash scripting allows you to save multiple Linux commands in a file and…
When it comes to automating tasks on Linux, Bash scripting is an essential skill for both beginners…
Learn how to create and use Bash functions with this complete tutorial. Includes syntax, arguments,…
Introduction Unlock the full potential of your Linux system with this comprehensive guide to essential…