AlertResponder is an automatic security alert response framework by AWS Server less Application Model. It is a server less framework for automatic response of security alert.
Overview
AlertResponder receives an alert that is event of interest from security view point and responses the alert automatically. AlertResponder has 3 parts of automatic response.
Also Read – Grouper2 : To Find Vulnerabilities In AD Group Policy
Concept
Please replace following variables according to your environment:
$REGION: Replace it with your AWS region. (e.g. ap-northeast-1)$STACK_NAME: Replace it with CloudFormation stack name$ curl -o alert_responder.yml https://s3-$REGION.amazonaws.com/cfn-assets.$REGION/AlertResponder/templates/latest.yml
$ aws cloudformation deploy –template-file alert_responder.yml –stack-name $STACK_NAME –capabilities CAPABILITY_IAM
Prerequisite
Deploy own AlertResponder stack
Prepare a parameter file, e.g. config.json and run make command.
$ cat config.json
{
“StackName”: “your-alert-responder-name”,
“TestStackName”: “your-test-stack-name”,
“CodeS3Bucket”: “your-some-bucket”,
“CodeS3Prefix”: “for-example-functions”,
“InspectionDelay”: “1”,
“ReviewDelay”: “10”
}
$ env AR_CONFIG=config.json make deploy
Deploy a test stack
After deploying AlertResponder, move to under tester directory and deploy a stack for testing.
$ cd tester/
$ make AR_CONFIG=../config.json deploy
You can see param.json that is created by script under tester directory after deploying.
$ cat params.json
{
“AccountId”: “214219211678”,
“Region”: “ap-northeast-1”,
“Inspector”: “slam-alert-responder-test-functions-Inspector-1OBGU89CT1P4B”,
“Reporter”: “slam-alert-responder-test-functions-Reporter-1NDHU0VDI8OPA”
}
Then, back to top level directory of the git repository and you can run integration test.
$ go test -v
=== RUN TestInvokeBySns
— PASS: TestInvokeBySns (3.39s)
(snip)
PASS
ok github.com/m-mizutani/AlertResponder 20.110s
Nginx server blocks let you run more than one website on a single server. Each block…
Tor Browser is a modified version of Firefox that routes all your web traffic through the Tor…
Vagrant is a command-line tool that makes it easy to build and manage virtual machine environments.…
VMware Tools is a set of drivers and services that improves the performance of an Ubuntu…
Java developers use project management tools to automate building their applications. Apache Maven is an open source…
Running programs built for Microsoft's framework on a Linux system is easier than you think. Mono is…