Added some tags, AWS pages, and config note about it being incomplete for now

Shay Nehmad 2020-06-28 11:35:16 +03:00
parent 6afc200607
commit e64786f492
23 changed files with 230 additions and 3 deletions

View File

@ -2,6 +2,7 @@
title: "Contribute Documentation"
date: 2020-06-17T17:31:54+03:00
draft: false
tags: ["contribute"]
---
The `/docs` folder contains the Monkey Documentation site.

View File

@ -2,6 +2,7 @@
title: "Setting up a development environment"
date: 2020-06-08T19:53:00+03:00
draft: false
tags: ["contribute"]
---
## Deployment scripts

View File

@ -9,7 +9,7 @@ tags = ["setup"]
# Setting up Infection Monkey
Setting up Infection Monkey is really easy! First, you need to [download the Infection Monkey from our site](https://infectionmonkey.com/).
Setting up Infection Monkey is really easy! First, you need to {{% button href="https://infectionmonkey.com/" icon="fas fa-download" %}}download the Infection Monkey from our site{{% /button %}}.
Once you've downloaded an installer, you can follow the relevant guide for your environment:

View File

@ -28,6 +28,10 @@ You will be presented a login page. Use the username **monkey**, and the new EC2
![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
## Integration with AWS services
The Monkey has built-in integrations with AWS services for better execution and reporting. See [Usage -> Integrations](../../usage/integrations) for more details.
## Upgrading
Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.

View File

@ -4,6 +4,7 @@ date: 2020-06-22T15:36:56+03:00
draft: false
weight: 50
pre: "<i class='fas fa-user-lock'></i> "
tags: ["usage", "password"]
---
## Security in Infection Monkey

View File

@ -11,6 +11,10 @@ pre: "<i class='fas fa-sliders-h'></i> "
The Monkey is highly configurable. Nearly every part of it can be modified to turn it to a fast acting worm or into a port scanning and system information collecting machine.
{{% notice warning %}}
This section of the documentation is incomplete and under active construction.
{{% /notice %}}
See these documentation pages for information on each configuration value:
{{% children description=true %}}

View File

@ -2,7 +2,9 @@
title: "Credentials"
date: 2020-06-09T12:20:08+03:00
draft: false
description: "Configure credentials that the Monkey uses for propagation"
description: "Configure credentials that the Monkey will use for propagation."
---
In this screen you can feed the Monkey with “stolen” credentials for your network, simulating an attacker with inside knowledge.
![Configure credentials](/images/usage/configruation/credentials.png "Configure credentials")

View File

@ -2,7 +2,7 @@
title: "Network"
date: 2020-06-09T12:20:14+03:00
draft: false
description: "Configure settings related to the Monkey's network activity"
description: "Configure settings related to the Monkey's network activity."
---
Here you can control multiple important settings, such as:

View File

@ -4,6 +4,7 @@ date: 2020-05-26T21:01:12+03:00
draft: false
weight: 1
pre: "<i class='fas fa-play-circle'></i> "
tags: ["usage"]
---
## Using the Infection Monkey
@ -27,6 +28,10 @@ To run the monkey, select one of the following options:
![Run on machine of your choice](/images/usage/getting-started/run_page_button_no_arrow.jpg "Run on machine of your choice")
{{% notice tip %}}
If you're running in an AWS cloud environment, check out [Usage -> Integrations](../../usage/integrations) for information about how Monkey integrates with AWS.
{{% /notice %}}
### Infection Map
Next, click **Infection Map** to see the Infection Monkey in action.

View File

@ -0,0 +1,14 @@
---
title: "Integrations"
date: 2020-06-28T10:38:05+03:00
draft: false
chapter: true
weight: 10
pre: "<i class='fas fa-directions'></i> "
---
# Integrate the Monkey with 3rd party software
The Monkey likes working together. See these documentation pages for information on each integration the Monkey currently offers:
{{% children description=true %}}

View File

@ -0,0 +1,150 @@
---
title: "Running the monkey on AWS EC2 instances"
date: 2020-06-28T10:44:05+03:00
draft: false
description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
tags: ["aws", "integration"]
---
## When to use this feature
If your network is deployed on Amazon Web Services (with EC2 instances), and you'd like to run the Infection Monkey in order to test it, this page is for you. You can easily run the monkey on **various instances** within your network - in a secure fashion, **without** feeding the Island with any credentials or running shell commands on the machines you want to test.
The results will be exported to AWS security hub automatically, as well. To see more information about that, see the [Infection Monkey and AWS Security Hub documentation](https://github.com/guardicore/monkey/wiki/Infection-Monkey-and-AWS-Security-Hub).
![AWS EC2 logo](/images/usage/integrations/aws-ec2.svg?height=250px "AWS EC2 logo")
## Setup
Assuming your network is already set up in AWS EC2, follow these quick steps to get up and running.
### Monkey Island deployment
In order to run the Monkeys directly from the Monkey Island server, you need to deploy the Monkey Island server to an AWS EC2 instance in the same network which you want to test. For information about deploying the Monkey Island server, see [setup](../../../setup).
### Setup IAM roles
In order for the Island to successfully view your instances, you'll need to set appropriate IAM roles to your instances. You can read more about IAM roles [in Amazon's documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html), but it's not necessary in order to follow this setup.
#### Creating a custom IAM role
Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should like something like this:
![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role")
#### Applying the IAM role to an instance
For each instance you'd like to access from the island, apply the new IAM role you've just created to the instance. For example:
![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-4.png "Applying a custom IAM role")
After applying the IAM role you should see this screen:
![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-5.png "Applying a custom IAM role")
**Note: after setting IAM roles, the roles might take a few minutes (up to 10 minutes sometimes) to effectively kick in.** This is how AWS works and is not related to the Monkey implementation. See [this StackOverflow thread for more details.](https://stackoverflow.com/questions/20156043/how-long-should-i-wait-after-applying-an-aws-iam-policy-before-it-is-valid)
### Setup SSM agent
If your EC2 instances don't have the _SSM agent_ installed, they will not be able to execute SSM commands, which means you won't see them in the AWS machines table on the monkey island. Generally speaking, most new EC2 instances ought to have SSM pre-installed; The SSM Agent is installed, by default, on Amazon Linux base AMIs dated 2017.09 and later, and on Amazon Linux 2, Ubuntu Server 16.04, and Ubuntu Server 18.04 LTS AMIs.
See [Amazon's documentation about working with SSM agents](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) for more details on how to check if you have an SSM agent and how to manually install one if you don't have one.
## Usage
### Running the monkey
When you run the monkey island on an AWS instance, the island detects it's running on AWS and present the following option in the _"Run Monkey"_ page, like so:
![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-1.png "Running a Monkey on EC2 Instance")
And then you can choose one of the available instances as "patient zero" like so:
1. Click on "Run on AWS"
2. Choose the relevant Network Interface
3. Select the machines you'd like to run the Monkey on
4. Click "Run on Selected Machines", and watch the monkey go! 🐒
![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-2.png "Running a Monkey on EC2 Instance")
## Notes
- The machines which can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in AWS IAM documentation.
- You can see the monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D).
### Appendix A: Specific policy permissions required
The IAM role will need to have, at least, the following specific permissions:
#### For executing the Monkey on other machines - SSM
- `"ssm:SendCommand"`
- `"ssm:DescribeInstanceInformation"`
- `"ssm:GetCommandInvocation"`
Here's the policy of the IAM role, as a JSON object:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ssm:SendCommand",
"ssm:DescribeInstanceInformation",
"ssm:GetCommandInvocation"
],
"Resource": "*"
}
]
}
```
#### For exporting security findings to the Security Hub - security hub
_Note: these can be set on the Monkey Island machine alone, since it's the only one exporting findings to the AWS secutiry hub._
- `"securityhub:UpdateFindings"`
- `"securityhub:BatchImportFindings"`
Here's the policy for SecurityHub, as a JSON object:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"securityhub:UpdateFindings",
"securityhub:BatchImportFindings"
],
"Resource": "*"
}
]
}
```
The JSON object for both of the policies combined therefore is:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ssm:SendCommand",
"ssm:DescribeInstanceInformation",
"securityhub:UpdateFindings",
"securityhub:BatchImportFindings",
"ssm:GetCommandInvocation"
],
"Resource": "*"
}
]
}
```
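Review bot: The "Creating a custom IAM role" step recommends attaching `AmazonSSMFullAccess` and `AWSSecurityHubFullAccess`, although Appendix A shows the role needs only three SSM actions and two Security Hub actions; lead with the Appendix A policy and present the managed full-access policies as the fallback rather than the default. The "Applying the IAM role to an instance" step then gives this same role to every target instance, so each target also receives `ssm:SendCommand` on `"Resource": "*"`; the Security Hub appendix already says its permissions can be set on the Monkey Island machine alone, and the SSM appendix should state just as explicitly which machines need `ssm:SendCommand`. Typos to fix while here: "it should like something like this", "the island detects it's running on AWS and present", and "secutiry hub".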

View File

@ -0,0 +1,43 @@
---
title: "AWS Security Hub integration"
date: 2020-06-28T10:38:12+03:00
draft: false
description: "Correlate the Monkey's findings with the native security solutions and benchmark scores."
tags: ["aws", "integration"]
---
The Infection Monkey integration with the [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) allows anyone to verify and test the resilience of their AWS environment and correlate this information with the native security solutions and benchmark score.
![AWS security hub logo](/images/usage/integrations/AWS-Security-Hub-logo.png "AWS security hub logo")
The integration will send _all_ Infection Monkey findings (typically low tens of findings) to the security hub at the end of a Monkey breach simulation.
## Setup
If the correct permissions have been set on the AWS IAM role of the Monkey Island machine, then the Island will automatically export its findings to the AWS security hub.
### Specific permissions required for security hub
- `"securityhub:UpdateFindings"`
- `"securityhub:BatchImportFindings"`
Note that the integration is specifically between your Monkey Island and the security hub. The Infection Monkey is an free project and there is no centralised infrastructure.
## Integration details
The Infection Monkey reports the following types of issues to the AWS security hub: `Software and Configuration Checks/Vulnerabilities/CVE`.
Specifically, the Island sends findings for all vulnerabilities it finds along with generic findings on the network (such as segmentation issues). Our normalized severity is 100, while most issues we report range between 1 and 10.
## Regions
The Infection Monkey is usable on all public AWS instances.
## Example
After setting up a monkey environment in AWS and attaching the correct IAM roles to the monkey island machine, the report findings were exported to the security hub.
1. Navigate to `Findings`.
2. Press on a specific finding to see more details and possible solutions.
![AWS Security hub console example](images/usage/integrations/security-hub-console-example.png "AWS Security hub console example")
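Review bot: The screenshot at the end of the Example section uses `images/usage/integrations/security-hub-console-example.png` without a leading slash, while the other images added in this commit use `/images/...`; as written it resolves relative to the page URL, so change it to `/images/usage/integrations/security-hub-console-example.png`. In "Integration details", the sentence "Our normalized severity is 100, while most issues we report range between 1 and 10" does not say what the 100 refers to; state the scale explicitly. Also, "an free project" should read "a free project".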

View File

@ -3,6 +3,7 @@ title: "Scenarios"
date: 2020-05-26T21:01:19+03:00
draft: true
weight: 2
tags: ["usage"]
---
In this page we show how you can use the Infection Monkey to simulate breach and attack scenarios as well as to share some cool tips and tricks you can use to up your Infection Monkey game. This page is aimed at both novice and experienced Monkey users. You can also refer to [our FAQ](../../faq) for more specific questions and answers.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1 @@
<svg width="2065" height="2500" viewBox="0 0 256 310" xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid"><path d="M42.754 244.495l-29.918 6.826V57.565l29.918 6.839v180.091" fill="#F68536"/><path d="M80.082 255.931l-37.328 10.608V42.612l37.328 10.595v202.724M127.966 267.681l-47.884 17.524V23.946l47.884 17.516v226.219M256 245.079l-128.034 64.017V0L256 64.017v181.062" fill="#F68536"/><path d="M102.444 12.763L127.966 0v309.096l-25.522-12.759V12.763M60.325 33.82l19.757-9.878v261.212l-19.757-9.878V33.82M27.016 50.477l15.738-7.869v223.88l-15.738-7.874V50.477M12.836 57.565L0 63.983v181.134l12.836 6.414V57.565" fill="#9D5025"/></svg>

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.
