SIRAS - Security Incident Response Automated Simulations
2020-11-22 20:30:00 Author: www.blogger.com (view original) Views: 156

<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-UJ5QHOOjc6I/X7da6aroMTI/AAAAAAAAUbw/FGk9Q75TnE8uBCoiaQ93v1oHkocm8p-lQCNcBGAsYHQ/s2086/siras_1_deployment.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="842" data-original-width="2086" height="258" src="https://1.bp.blogspot.com/-UJ5QHOOjc6I/X7da6aroMTI/AAAAAAAAUbw/FGk9Q75TnE8uBCoiaQ93v1oHkocm8p-lQCNcBGAsYHQ/w640-h258/siras_1_deployment.png" width="640" /></a></div>
<p>Security Incident Response Automated Simulations (SIRAS) are internal, controlled actions that provide a structured opportunity to practice the incident response plan and procedures in realistic scenarios. The main idea of SIRAS is to create detection-as-code testing scenarios that support blue-team and tabletop exercises. Every SIRAS smoker performs real actions in your AWS account and then removes those actions in the same execution.</p>
<p>SIRAS is the <code>incident response friend</code> when you need to test your controls/alerts :)</p>
<span style="font-size: large;"><b>Why SIRAS?</b></span>
<p>Currently, the incident detection and response team develops different mechanisms to prevent or detect several types of incidents, leaving aside the test stage. Each alert/automation is tested before it is implemented, but it is not monitored continuously afterwards. For this reason, SIRAS proposes an automated test model in which alerts are triggered in a controlled manner to simulate security incidents.</p>
<span style="font-size: large;"><b>How to run:</b></span>
<p>1- ACTIVATE VIRTUALENV</p>
<div><pre><code>virtualenv siras &amp;&amp; source ./siras/bin/activate</code></pre></div>
<p>2- GET HELP</p>
<div><pre><code>python3 siras.py -s test</code></pre></div>
<span style="font-size: large;"><b>OPTIONS TO RUN (needed)</b></span>
<p>-s selects the "smoker"</p>
<table>
<tr><th align="left">-s</th><th align="left">Description</th></tr>
<tr><td align="left"><strong>all</strong></td><td align="left">Run all smokers.</td></tr>
<tr><td align="left"><strong>test</strong></td><td align="left">Test whether SIRAS works.</td></tr>
<tr><td align="left"><strong>sg</strong></td><td align="left">Create an open security group in AWS and nuke it.</td></tr>
<tr><td align="left"><strong>pa</strong></td><td align="left">Multiple failed authentications against a Palo Alto VPN portal (please configure "pano_url" in smoker/PanAuthSmoker.py).</td></tr>
<tr><td align="left"><strong>au</strong></td><td align="left">Create an administrator user in AWS.</td></tr>
<tr><td align="left"><strong>aca</strong></td><td align="left">Multiple failed authentications against the AWS console portal (please configure "account_id" in smoker/awsConsoleAuthSmoker.py).</td></tr>
<tr><td align="left"><strong>ctr</strong></td><td align="left">Create and delete a CloudTrail trail (logging).</td></tr>
<tr><td align="left"><strong>s3p</strong></td><td align="left">Create a public S3 bucket.</td></tr>
<tr><td align="left"><strong>esb</strong></td><td align="left">Create a public EBS snapshot (please configure your snapshot ID in smoker/EBSPublicSmoker, line 27).</td></tr>
</table>
<span style="font-size: large;"><b>OPTIONS TO RUN (optional)</b></span>
<table>
<tr><th>-b (to run)</th><th>Description</th></tr>
<tr><td><strong>True</strong></td><td>Save results into the S3 bucket.</td></tr>
<tr><td><strong>False</strong></td><td>This is the default; just print the output to the console.</td></tr>
</table>
<span style="font-size: large;"><b>Requirements</b></span>
<ul>
<li>Python</li>
<li>VirtualEnv</li>
<li>AWS credentials</li>
<li>Environment variable 'BUCKETS3' naming the bucket that logs are saved to when -b is "True".</li>
<li>(If you don't want to use virtualenv) pip to install requirements.txt</li>
</ul>
<span style="font-size: large;"><b>Future Integrations</b></span>
<ul>
<li>Kubernetes smokers</li>
<li>VPC changes</li>
<li>EC2 infected smoker</li>
<li>GuardDuty changes</li>
</ul>
<span style="font-size: large;"><b>Request New Modules/Publish</b></span>
<p>Please feel free to publish or request new modules or use cases: open an issue in the repo or make a PR.</p>
<div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/Stuxend/siras" rel="nofollow" target="_blank" title="Download Siras">Download Siras</a></span></b></div>
<p>Zion3R</p>
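The smoker pattern the option table describes (create a detectable condition in AWS, then nuke it in the same execution, and save the result to the BUCKETS3 bucket when -b is True) is shown below as an added example. This is not SIRAS's own code: the Smoker base class, the OpenSecurityGroupSmoker, the publish helper and the in-memory FakeEC2 client are assumptions made for this illustration. The point it adds to the table is that cleanup must run even when the triggering step fails, and that every step is logged with a timestamp so the detection team can correlate the alert with the run. Replace FakeEC2 with boto3.client("ec2") to run it against an account.

```python
"""Added illustration of a SIRAS-style 'sg' smoker (not the project's code)."""
import json
import os
import time
from datetime import datetime, timezone


class FakeEC2:
    """In-memory stand-in for a boto3 EC2 client (constructed for this example)."""

    def __init__(self):
        self.groups = {}   # GroupId -> list of ingress rules
        self.calls = []    # (api_name, GroupId) in call order

    def create_security_group(self, GroupName, Description, VpcId=None):
        gid = f"sg-{len(self.groups):08x}"
        self.groups[gid] = []
        self.calls.append(("create_security_group", gid))
        return {"GroupId": gid}

    def authorize_security_group_ingress(self, GroupId, IpPermissions):
        self.groups[GroupId].extend(IpPermissions)
        self.calls.append(("authorize_security_group_ingress", GroupId))
        return {"Return": True}

    def delete_security_group(self, GroupId):
        del self.groups[GroupId]
        self.calls.append(("delete_security_group", GroupId))
        return {}


class Smoker:
    """fire() creates the condition an alert should catch; nuke() removes it.
    run() always attempts nuke(), even when fire() raises, and records each step."""
    name = "base"

    def __init__(self, client):
        self.client = client
        self.steps = []

    def log(self, action, ok, detail=""):
        self.steps.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "action": action, "ok": ok, "detail": detail})

    def fire(self):
        raise NotImplementedError

    def nuke(self):
        raise NotImplementedError

    def run(self):
        self.log("start", True, self.name)
        try:
            self.fire()
        except Exception as exc:
            self.log("fire", False, repr(exc))
        finally:
            try:
                self.nuke()
            except Exception as exc:
                self.log("nuke", False, repr(exc))  # leftover: manual cleanup needed
        # "clean" is False if any step failed, so a leftover resource is visible
        return {"smoker": self.name, "steps": self.steps,
                "clean": all(s["ok"] for s in self.steps)}


class OpenSecurityGroupSmoker(Smoker):
    """Create a group open to 0.0.0.0/0 on 22/tcp, the condition a CSPM or
    GuardDuty-style rule should flag, then delete it in the same run."""
    name = "sg"

    def fire(self):
        resp = self.client.create_security_group(
            GroupName="siras-smoker-sg", Description="SIRAS detection test")
        self.group_id = resp["GroupId"]
        self.log("create_security_group", True, self.group_id)
        self.client.authorize_security_group_ingress(
            GroupId=self.group_id,
            IpPermissions=[{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}])
        self.log("authorize_ingress_0.0.0.0/0", True, self.group_id)

    def nuke(self):
        gid = getattr(self, "group_id", None)
        if gid is None:
            self.log("nuke", True, "nothing created")
            return
        self.client.delete_security_group(GroupId=gid)
        self.log("delete_security_group", True, gid)


def publish(result, s3_client=None):
    """Mirror of the -b option: write JSON to the bucket named by BUCKETS3 when an
    S3 client is supplied and the variable is set; otherwise print to the console."""
    body = json.dumps(result, indent=2)
    bucket = os.environ.get("BUCKETS3")
    if s3_client is not None and bucket:
        key = f"siras/{result['smoker']}-{int(time.time())}.json"
        s3_client.put_object(Bucket=bucket, Key=key, Body=body.encode())
        return key
    print(body)
    return None


if __name__ == "__main__":
    ec2 = FakeEC2()  # use boto3.client("ec2") for a live run in your own account
    publish(OpenSecurityGroupSmoker(ec2).run())
```

The result record is what you would hand to the detection team: the timestamps bracket the window in which CloudTrail should show the CreateSecurityGroup, AuthorizeSecurityGroupIngress and DeleteSecurityGroup events, and a "clean": false result is the signal that a smoker left something behind.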

Article source: http://www.blogger.com/feeds/8317222231133660547/posts/default/17470164556160517