
cloud inquisitor: tool to enforce ownership and data security within AWS

Cloud Inquisitor improves the security posture of an AWS footprint through:

  • monitoring AWS objects for ownership attribution, notifying account owners of unowned objects, and subsequently removing unowned AWS objects if ownership is not resolved.
  • detecting domain hijacking.
  • verifying security services such as CloudTrail and VPC Flow Logs.
  • managing IAM policies across multiple accounts.

Architecture

Typically Cloud Inquisitor runs in a “Security” or “Audit” account with cross-account access through the use of AssumeRole.
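Because every audited account has to trust the "Security" account for AssumeRole, the trust policy on that cross-account role is worth checking. The following is an added example, not Cloud Inquisitor code: it flags trust policies that let anyone other than the security account assume the role. The account IDs and the role name `audit-collector` are constructed placeholders.

```python
# Added example. Account IDs and the role name are constructed placeholders.
SECURITY_ACCOUNT = "111111111111"  # assumed ID of the "Security"/"Audit" account

def as_list(value):
    """IAM JSON allows a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def aws_principals(stmt):
    """Return the AWS principals named by one trust-policy statement."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    return as_list(principal.get("AWS", []))

def account_of(principal):
    """Account ID from an ARN (field 5) or from a bare 12-digit ID."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def audit_trust_policy(policy, trusted=SECURITY_ACCOUNT):
    """Return (statement index, reason) for every Allow statement that lets
    a principal outside the trusted account call sts:AssumeRole."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = as_list(stmt.get("Action", []))
        grants = any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions)
        if stmt.get("Effect") != "Allow" or not grants:
            continue
        for p in aws_principals(stmt):
            if p == "*":
                findings.append((i, "wildcard principal"))
            elif account_of(p) != trusted:
                findings.append((i, "untrusted account " + account_of(p)))
    return findings

# Constructed trust policies for a role in an audited account.
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111111111111:role/audit-collector"}}]}
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": ["*", "arn:aws:iam::222222222222:root"]}}]}

if __name__ == "__main__":
    for name, doc in (("SCOPED", SCOPED), ("WEAK", WEAK)):
        print(name, audit_trust_policy(doc) or "ok")
```

The check ignores `Condition` blocks and `NotPrincipal`, so a clean result is necessary but not sufficient.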

Platforms

Cloud Inquisitor works on Python 3.5 or higher and Ubuntu 16.04.

  • Production deployment is done through Packer.
  • Development supports deployment via Docker or Packer.

Please see the Resources section below for further information.

Download

Usage

Dashboard

By default, the front-end dashboard shows:

  • EC2 Instances that are running or stopped and which instances have a public IP.
  • Percentage of required tags compliance per account.

Below is a sample screenshot showing what the dashboard looks like:

Browse

On the left-hand side of the UI, you are able to directly examine raw data:

  • EC2 Instances – shows all the EC2 Instance data that Cloud Inquisitor possesses, which should represent all EBS volumes in use in your AWS infrastructure
  • EBS Volumes – shows all the EBS Volume data that Cloud Inquisitor possesses, which should represent all EBS volumes in use in your AWS infrastructure
  • DNS – shows all the DNS data that Cloud Inquisitor possesses (shown below, the first screenshot)
  • Search – this gives you the ability to search for instances across the Cloud Inquisitor database. The search page has help functionality within the page, as shown below

images/cinq_search.png

Admin

On the left-hand side, there are several admin options, such as:

  • Accounts
  • Config
  • Users
  • Roles
  • Emails
  • Audit Log
  • Logs

In the Accounts section, you can review the current accounts that Cloud Inquisitor is auditing and modify accordingly. For example, to add a new account, select the dialog button on the very bottom right-hand side of the screen and select the “+” as shown below:

images/cinq_account_add.png

and then you can create your new account on the following screen:

images/cinq_account_create.png

The Config section is quite detailed and this is where you can perform extensive configuration on:

  • API
  • Authentication (Local/SAML)
  • Auditors
  • Collectors
  • Logging
  • Notifications (Email/Slack)
  • Schedulers

Below is a sample screenshot showing what the config capabilities look like:

images/cinq_config.png

Copyright 2017 Riot Games

Source: https://github.com/RiotGames/
