* Added aws region getter
* Moved productARN to server_config.json file
This commit is contained in:
parent
a42d621340
commit
8e6ab5b9f5
|
@ -14,6 +14,10 @@ class AwsEnvironment(Environment):
|
|||
def _get_instance_id():
|
||||
return AWS.get_instance_id()
|
||||
|
||||
@staticmethod
|
||||
def _get_region():
|
||||
return urllib2.urlopen('http://169.254.169.254/latest/meta-data/placement/availability-zone').read()[:-1]
|
||||
|
||||
def is_auth_enabled(self):
|
||||
return True
|
||||
|
||||
|
|
|
@ -14,13 +14,16 @@ ENV_DICT = {
|
|||
}
|
||||
|
||||
|
||||
def load_env_from_file():
|
||||
def load_server_configuration_from_file():
|
||||
with open('monkey_island/cc/server_config.json', 'r') as f:
|
||||
config_content = f.read()
|
||||
config_json = json.loads(config_content)
|
||||
return config_json['server_config']
|
||||
return json.loads(config_content)
|
||||
|
||||
|
||||
def load_env_from_file():
|
||||
config_json = load_server_configuration_from_file()
|
||||
return config_json['server_config']
|
||||
|
||||
try:
|
||||
__env_type = load_env_from_file()
|
||||
env = ENV_DICT[__env_type]()
|
||||
|
|
|
@ -5,6 +5,7 @@ import boto3
|
|||
|
||||
from cc.resources.exporter import Exporter
|
||||
from cc.services.config import ConfigService
|
||||
from cc.environment.environment import load_server_configuration_from_file
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -57,10 +58,12 @@ class AWSExporter(Exporter):
|
|||
'shared_passwords': AWSExporter._handle_shared_passwords_issue,
|
||||
}
|
||||
|
||||
product_arn = load_server_configuration_from_file()['aws'].get('sec_hub_product_arn', '')
|
||||
|
||||
finding = {
|
||||
"SchemaVersion": "2018-10-08",
|
||||
"Id": uuid.uuid4().hex,
|
||||
"ProductArn": "arn:aws:securityhub:us-west-2:324264561773:product/aws/guardduty",
|
||||
"ProductArn": product_arn,
|
||||
"GeneratorId": issue['type'],
|
||||
"AwsAccountId": "324264561773",
|
||||
"Types": [
|
||||
|
@ -308,4 +311,4 @@ class AWSExporter(Exporter):
|
|||
"Text": "The machine {0} ({1}) is vulnerable to a SMB attack. The Monkey authenticated over the SMB protocol with user {2} and its password.".format(issue['machine'], issue['ip_address'], issue['username'])
|
||||
}
|
||||
}
|
||||
return finding
|
||||
return finding
|
|
@ -1,3 +1,6 @@
|
|||
{
|
||||
"server_config": "standard"
|
||||
"server_config": "standard",
|
||||
"aws": {
|
||||
"sec_hub_product_arn": "arn:aws:securityhub:us-west-2:324264561773:product/aws/guardduty"
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue