Merge pull request #1013 from guardicore/scoutsuite_docs

Scoutsuite docs
2021-03-03 11:51:29 -05:00 · 2021-03-03 11:51:29 -05:00 · 5bdb526db3
parent bcc462ee94 2ff84c9dc8
commit 5bdb526db3
9 changed files with 75 additions and 2 deletions
--- a/docs/content/usage/integrations/scoutsuite.md
+++ b/docs/content/usage/integrations/scoutsuite.md
@ -0,0 +1,67 @@
+---
+title: "Scoutsuite"
+date: 2021-03-02T16:23:06+02:00
+draft: false
+description: "Scout Suite is an open-source cloud security-auditing tool."
+weight: 10
+---
+
+### About ScoutSuite
+
+<a href="https://github.com/nccgroup/ScoutSuite" target="_blank" >Scout Suite</a> is an open-source cloud security-auditing tool.
+It queries the cloud API to gather configuration data. Based on configuration
+data gathered, ScoutSuite shows security issues and risks present in your infrastructure.
+
+### Supported cloud providers
+
+Currently, ScoutSuite integration only supports AWS environments.
+
+### Enabling ScoutSuite
+
+First, Infection Monkey needs access to your cloud API. You can provide access
+in the following ways:
+
+ - Provide access keys:
+    - Create a new user with ReadOnlyAccess and SecurityAudit policies and generate keys
+    - Generate keys for your current user (faster but less secure)
+ - Configure AWS CLI:
+    - If the command-line interface is available on the Island, it will be used to access 
+    the cloud API
+    
+More details about configuring ScoutSuite can be found in the tool itself, by choosing 
+"Cloud Security Scan" in the "Run Monkey" options. 
+
+![Cloud scan option in run page](/images/usage/integrations/scoutsuite_run_page.png 
+"Successful setup indicator")
+
+After you're done with the setup, make sure that a checkmark appears next to the AWS option. This 
+verifies that ScoutSuite can access the API.
+
+![Successfull setup indicator](/images/usage/integrations/scoutsuite_aws_configured.png 
+"Successful setup indicator")
+
+### Running a cloud security scan
+
+If you have successfully configured the cloud scan, Infection Monkey will scan
+your cloud infrastructure when the Monkey Agent is run **on the Island**. You
+can simply click on "From Island" in the run options to start the scan. The
+scope of the network scan and other activities you may have configured the Agent
+to perform are ignored by the ScoutSuite integration, except **Monkey
+Configuration -> System info collectors -> AWS collector**, which needs to
+remain **enabled**.
+
+
+### Assessing scan results
+
+After the scan is done, ScoutSuite results will be categorized according to the
+ZeroTrust Extended framework and displayed as a part of the ZeroTrust report.
+The main difference between Infection Monkey findings and ScoutSuite findings
+is that ScoutSuite findings contain security rules. To see which rules were
+checked, click on the "Rules" button next to the relevant test. You'll see a
+list of rule dropdowns that are color coded according to their status. Expand a
+rule to see its description, remediation and more details about resources
+flagged. Each flagged resource has a path so you can easily locate it in the
+cloud and remediate the issue.
+
+![Open ScoutSuite rule](/images/usage/integrations/scoutsuite_report_rule.png 
+"Successful setup indicator")
--- a/docs/content/usage/use-cases/zero-trust.md
+++ b/docs/content/usage/use-cases/zero-trust.md
@ -11,6 +11,8 @@ weight: 1
 Want to assess your progress in achieving a Zero Trust network? The Infection Monkey can automatically evaluate your readiness across the different
 [Zero Trust Extended Framework](https://www.forrester.com/report/The+Zero+Trust+eXtended+ZTX+Ecosystem/-/E-RES137210) principles.

+You can additionally scan your cloud infrastructure's compliance to ZeroTrust principles using [ScoutSuite integration.](/usage/integrations/scoutsuite)
+
 ## Configuration

 - **Exploits -> Credentials** This configuration value will be used for brute-forcing. The Infection Monkey uses the most popular default passwords and usernames, but feel free to adjust it according to the default passwords common in your network. Keep in mind a longer list means longer scanning times.
--- a/docs/static/images/usage/integrations/scoutsuite_aws_configured.png
+++ b/docs/static/images/usage/integrations/scoutsuite_aws_configured.png
--- a/docs/static/images/usage/integrations/scoutsuite_report_rule.png
+++ b/docs/static/images/usage/integrations/scoutsuite_report_rule.png
--- a/docs/static/images/usage/integrations/scoutsuite_run_page.png
+++ b/docs/static/images/usage/integrations/scoutsuite_run_page.png
--- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/scoutsuite/ScoutSuiteRuleButton.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/scoutsuite/ScoutSuiteRuleButton.js
@ -1,5 +1,5 @@
 import React, {Component} from 'react';
-import {Badge, Button} from 'react-bootstrap';
+import {Button} from 'react-bootstrap';
 import * as PropTypes from 'prop-types';

 import {FontAwesomeIcon} from '@fortawesome/react-fontawesome';
--- a/monkey/monkey_island/cc/ui/src/images/aws_keys_tutorial-any-user.png
+++ b/monkey/monkey_island/cc/ui/src/images/aws_keys_tutorial-any-user.png
--- a/monkey/monkey_island/cc/ui/src/images/aws_keys_tutorial-current-user.png
+++ b/monkey/monkey_island/cc/ui/src/images/aws_keys_tutorial-current-user.png
--- a/monkey/monkey_island/cc/ui/src/styles/components/scoutsuite/RuleModal.scss
+++ b/monkey/monkey_island/cc/ui/src/styles/components/scoutsuite/RuleModal.scss
@ -1,5 +1,9 @@
-.scoutsuite-rule-modal .modal-dialog{
+.scoutsuite-rule-modal .modal-dialog {
  max-width: 1000px;
  top: 0;
  padding: 30px;
 }
+
+.collapse-item.rule-collapse button > span:nth-child(2) {
+  flex: 1
+}