Skip to content

Compromise Assessment: A general purpose utility to analyze cloud assessment specifically designed for AWS platform.

License

Notifications You must be signed in to change notification settings

Infopercept/compromise-assessment

Repository files navigation

AWS Compromise assessment script


Invinsense logo Infopercept logo


📙 About the script

AWS Compromise Assessment compiles the events and Indicator of Compromise (IoC) from CloudTrail Logs after an incident has occurred or appears to be compromised. It will assist in obtaining complete critical event data and making it easier for threat hunters for future forensics.

📖 System Prerequisites

Component README
python version > 3.6 Must be pre-installed in computer in order to run the compromise assessment script
Configure AWS SDK Using AWS CLI you have to configure the AWS SDK
Operating system Windows or Ubuntu/Linux
CPU Core 2 CPU or more
Memory 4 GB RAM

🔆 Features

  • Scrpit will show 50000 record of cloudtrail logs by default or if you want to customize it you can give -record_limit argument to the command.
  • Script will show cloudtrail logs according to days argument (60 or 90) in the command line default is 90 or you can give your days using -days command line argument.
  • Script will also gives you a cloudtrail logs based on AWS services using the argument called -service_name.
  • Script will shows the logs in the tabular format.
  • Log table provide pagination functionality for traverse throught the logs.
  • Log table also provide a functionality for searching a logs according to event category.
  • Script will show you the Analytic (statastical) table.
  • Script will display the histogram and pie chart according to analytic table.

✅ How to run the script

📥 Installation of python

Python for Windows

https://www.digitalocean.com/community/tutorials/install-python-windows-10

Python for Ubuntu/Linux

https://www.makeuseof.com/install-python-ubuntu/

🔩 Configuration of AWS SDK

Install AWS CLI from the link given below

https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

Run the following command and provide your aws credentials to setup the AWS ADK on your system.

aws configure

💉 Install required python dependency

Open the command prompt or terminal on your system then reach to project directory and run the following command

pip3 install -r requirements.txt

📂 Clone the GitHub repository

https://github.com/Infopercept/compromise-assessment

📰 Note

If you are Windows user then use python for running the script.

or

If you are Ubunt/Linux/MacOs user then use python3 for runnig the script.

💡 Help for script command

Type the following command

python3 compromise-assessment.py -h

or

python3 compromise-assessment.py --help

Result

help-ss

▶️ Run the compromise assessment script

  • You can use this arguments to make user specific choices and arguments optionals are days, record_limit, and service_name.
  • Commands you can use:
Command Description
python3 compromise-assessment.py This command gives you the 90 days cloudtrail records as default it takes 90 days,it will take all services and it will return 5000 record by default.
python3 compromise-assessment.py -days 60 This command gives you the 60 days cloudtrail records, it will take all services and it will return 5000 record by default.
python3 compromise-assessment.py -days 90 This command gives you the 90 days cloudtrail records, it will take all services and it will return 5000 record by default.
python3 compromise-assessment.py -record_limit 1000 This command gives you the 90 days cloudtrail records as default, it will take all services and it will return 1000 record.
python3 compromise-assessment.py -service_name s3 This command gives you the 90 days cloudtrail records as default, it will take S3 services and it will return 5000 record.
python3 compromise-assessment.py -days 60 -service_name iam This command gives you the 60 days cloudtrail records, it will take IAM services and it will return 5000 record.
python3 compromise-assessment.py -days 70 -record_limit 5000 -service_name lambda This command gives you the 70 days cloudtrail records, it will take LAMBDA services and it will return 5000 record.

🎦 Repository Visualization

Report
Report

🔑 License

Licensed under the (https://www.infopercept.com/) License, Version 3.0. Copyright 2022 Infopercept. Copy of the license.

💻 Website

https://infopercept.com

🙌 Support

👪 Contributors


Bhavik Prajapati

💻

Author

👤 Bhavik Prajapati

About

Compromise Assessment: A general purpose utility to analyze cloud assessment specifically designed for AWS platform.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published