Merge pull request #863 from VakarisZ/security_hub_fixes

Security hub fixes
VakarisZ 2020-12-08 16:37:36 +02:00 committed by GitHub
commit 17ee823b08
4 changed files with 11 additions and 4 deletions


@ -23,6 +23,13 @@ If the correct permissions have been set on the AWS IAM role of the Monkey Islan
Note that the integration is specifically between your Monkey Island and the security hub. The Infection Monkey is an free project and there is no centralised infrastructure.
### Enabling finding reception
Before starting the scan, make sure that AWS Security Hub is accepting findings by enabling Infection Monkey
integration. Find **GuardiCore: AWS Infection Monkey** integration on the list and click on **Accept findings**.
![Enabled integration](/images/usage/integrations/security-hub-enable-accepting-findings.png "Enabled integration")
## Integration details
The Infection Monkey reports the following types of issues to the AWS security hub: `Software and Configuration Checks/Vulnerabilities/CVE`.



@ -6,13 +6,14 @@ import boto3
from botocore.exceptions import UnknownServiceError
from common.cloud.aws.aws_instance import AwsInstance
from monkey_island.cc.environment import EnvironmentConfig
from monkey_island.cc.services.reporting.exporter import Exporter
__authors__ = ['maor.rayzin', 'shay.nehmad']
logger = logging.getLogger(__name__)
INFECTION_MONKEY_ARN = "324264561773:product/guardicore/aws-infection-monkey"
class AWSExporter(Exporter):
@staticmethod
@ -68,7 +69,7 @@ class AWSExporter(Exporter):
# azure and conficker are not relevant issues for an AWS env
}
configured_product_arn = EnvironmentConfig.get_from_file().aws.get('sec_hub_product_arn', '')
configured_product_arn = INFECTION_MONKEY_ARN
product_arn = 'arn:aws:securityhub:{region}:{arn}'.format(region=region, arn=configured_product_arn)
instance_arn = 'arn:aws:ec2:' + str(region) + ':instance:{instance_id}'
# Not suppressing error here on purpose.
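Review bot: The new line `configured_product_arn = INFECTION_MONKEY_ARN` replaces the value previously read from `EnvironmentConfig.get_from_file().aws.get('sec_hub_product_arn', '')`, so any `sec_hub_product_arn` an operator still has in the Island config is now silently ignored while the local keeps a name that claims it is configured; either remove the key from the config schema or fold the constant in directly, `product_arn = 'arn:aws:securityhub:{region}:{arn}'.format(region=region, arn=INFECTION_MONKEY_ARN)`. The new module constant should say what it is, e.g. `# account:product/company/product tail of the Security Hub product ARN registered for Infection Monkey; the region is prepended when the finding is built`, since the bare account number otherwise reads like a leaked identifier. If this was the module's only use of `EnvironmentConfig`, the `from monkey_island.cc.environment import EnvironmentConfig` line shown as context is now an unused import, though that cannot be confirmed from this hunk. The method containing the second hunk starts before the hunk and ends after it.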


@ -1,6 +1,5 @@
import logging
import monkey_island.cc.environment.environment_singleton as env_singleton
from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
from monkey_island.cc.services.reporting.aws_exporter import AWSExporter
from monkey_island.cc.services.reporting.report_exporter_manager import \
@ -22,7 +21,7 @@ def try_add_aws_exporter_to_manager(manager):
# noinspection PyBroadException
try:
RemoteRunAwsService.init()
if RemoteRunAwsService.is_running_on_aws() and ('aws' == env_singleton.env.get_deployment()):
if RemoteRunAwsService.is_running_on_aws():
manager.add_exporter_to_list(AWSExporter)
except Exception:
logger.error("Failed adding aws exporter to manager. Exception info:", exc_info=True)
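Review bot: With the `'aws' == env_singleton.env.get_deployment()` condition gone, `try_add_aws_exporter_to_manager` now registers `AWSExporter` on every Island for which `RemoteRunAwsService.is_running_on_aws()` is true, regardless of the configured deployment type, and nothing in the function records that this widening is deliberate or what now gates the export. A docstring should state it, e.g. `"""Register AWSExporter whenever the Island detects it is running on AWS; failures are logged and ignored so reporting still works without Security Hub."""`, and if the only remaining gate is the operator accepting findings in the Security Hub console (as the docs change on this page suggests), say so there too. The `except Exception` branch can use `logger.exception("Failed adding aws exporter to manager. Exception info:")` instead of `logger.error(..., exc_info=True)`. The function's `def` line is outside the hunk and appears only in the hunk header.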