DIAL(Did I Alert Lambda?) is a centralised security misconfiguration detection framework which completely runs on AWS Managed services like AWS API Gateway, AWS Event Bridge & AWS Lambda

Overview

DIAL


dial-logo

Workloads on cloud provide equal opportunities for hackers as much as they do for internal teams. Cloud-native companies are open to attacks from both outside forces and from within. With ever growing risk of a security breach and cloud misconfiguration being one of the most common factor of the same, the mean time to detect is supposed to be reduced to seconds instead of minutes/hours/days. Hence, we introduce our inhouse tool DIAL(Did I Alert Lambda?) which helps us to monitor any number of AWS accounts at any given period of time.

What is DIAL?


DIAL(Did I Alert Lambda?) is a centralised security misconfiguration detection framework which completely runs on AWS Managed services like AWS API Gateway, AWS Event Bridge & AWS Lambda. Few of the key features of DIAL includes.

  • It's an event driven framework, because of which maximum detection time for any misconfigurations is < 7 seconds. MTTD(Mean Time to Detect) < 4 secs.
  • It will only be triggered when event of interest are generated.
  • Highly scalable and Cost efficient as it is built on top of AWS lambda and it gets triggered when events of interest are seen.
  • Modular architecture; Which means you can easily add more event handlers and usecases according to your needs.

To read more about the same, you can go through the following technical blog.

You will be getting actionable alerts as shown below with all the relevant details:

alert-1

alert-2

alert-3

alert-4

Architecture


dial-arch

The architecture is broken down into two different components:

  • Parent Controller
  • Child Controller

Child Controller; The child controller acts as an event handler, which needs to be deployed in all accounts/regions you want the detection framework, which is connected to Event Bridge as a trigger which in turn triggers Child controller when any event of interest happens. This controller is also responsible for sending out alerts to the user configured SLACK channel along with the severity that is defined under the config file. It then forwards the whole response object to the Parent controller for further processing and storage.

Parent Controller; DIAL’s framework just needs one Parent Controller which acts as an aggregator for your SIEM, IR and persistent storage of alerts. Parent Controller works along with API Gateway which is connected with one AWS Lambda at the backend, whose sole purpose is to collect data. The request to API gateway is supposed to be Authenticated which is again configurable according to end user’s needs.

Note: Here we have used TheHive project as an open source IR tool to ingest data, you can simply change the function on the Parent controller to send the response object to any SIEM/IR tool of your choice, just make sure to change the necessary parameters that needs to be added on top of it.

Services covered:


  • EC2
  • S3
  • IAM
  • Security Group
  • GuardDuty
  • VPC
  • RDS
  • DynamoDB
  • Secret Manager
  • Parameter Store(System Manager)

UseCases covered


We are currently releasing the detection module of DIAL, which will help you to detect any misconfigurations, we do plan to release the remediation module in near future. The following are the detection usecases that DIAL is currently capable of detecting and alerting.

  • IAM

    • Any priv escalations via “CreatePolicy/AttachPolicy/CreatePolicyVersion”
    • Inactive access Keys made public
    • Admin policy attached to any user/role
    • Console Sign In by any-user
    • MFA deleted/removed
  • S3

    • S3 bucket made public
    • S3 object made public
    • S3 bucket policy misconfigured
    • Misconfigured ACL for bucket/object
  • EC2

    • VPC Peering connection to unknown account
    • Laxed Security groups(0.0.0.0/0 access on ports)
    • Associating private subnet with public route table
    • Un realistic instance type creation(p4d.24xlarge etc)
  • Secret Manager/SSM Parameter Store

    • Critical secret parameters called by which user
    • Any deletion of secret parameters
  • Database(RDS/DynamoDB)

    • Snapshot creation of available DBs
    • Modification of DB to make them public
    • Creating DB with public access True
  • GuardDuty

    • Guard duty findings

Installation and Deployment


Please refer the following file

Owner
CRED
CRED
A Discord bot coded in Python

Perseverance-Bot By Toricane Replit Code | GitHub Code | Discord Server | Website Perseverance is a multi-purpose bot coded in Python. It has moderati

4 Mar 30, 2022
Instadev - Crack Instagram IqbalDev

Crack Instagram IqbalDev ⇨ Install Script Di Termux $ pkg update && upgrade $

Dicky Wahyudi 1 Feb 27, 2022
A Telegram bot to download from Youtube server.

IDN-YoutubeDL-Bot A Telegram bot to download from Youtube server. Configs 📖 API_ID - Your APP ID. Get it from my.telegram.org API_HASH - Your API_HAS

IDNCoderX 4 Dec 02, 2022
ApiMoedas - This API is a extesion of API

🪙 Api Moeda 🪙 Este projeto é uma extensão da API Awesome API. Basicamente, ele mostra todas as moedas que a Awesome API tem e todas as suas conversõ

Abel 4 May 29, 2022
python library to the bitly api

bitly API python library Installation pip install bitly_api Run tests Your username is the lowercase name shown when you login to bitly, your access

Bitly 245 Aug 14, 2022
A light wrapper around FedEx's SOAP API.

Python FedEx SOAP API Module Author: Greg Taylor, Radek Wojcik Maintainer: Python FedEx Developers License: BSD Status: Stable What is it? A light wra

155 Dec 16, 2022
Telegram Bot to Filter posts in Bot Inline search

Inline-Filter-Bot A Telegram Bot for filter in Inline Features Unlimited Filters Supports all type of filters Supports Alert Button Using Common Marku

Code X Botz 67 Dec 26, 2022
Online Marketplace API

Online Marketplace API Table of Contents Setup Instructions Documentation Setup instructions Make sure you have python installed Clone the repository

Kanat 3 Jul 13, 2022
Pyspark sam - Analyze Big Sequence Alignments with PySpark in AWS EMR

pyspark_sam This repo hosts my code for the article "Analyze Big Sequence Alignm

Sixing Huang 4 Dec 09, 2022
Cryptocurrency Trading Bot - A trading bot to automate cryptocurrency trading strategies using Python, equipped with a basic GUI

Cryptocurrency Trading Bot - A trading bot to automate cryptocurrency trading strategies using Python, equipped with a basic GUI. Used REST and WebSocket API to connect to two of the most popular cry

Francis 8 Sep 15, 2022
Aula-API - a school system widely used in Denmark, as you can see and read about in the python file

Information : Hello, thank you for reading this first of all. This is a Aula-API

Binary.club 2 May 28, 2022
AminoLab Library For AminoApps using aminoapps.com/api

AminoLab AminoLab Api For AminoApps using aminoapps.com/api Installing pip install AminoLab Example #Login import AminoLab client = AminoLab.Client()

10 Sep 26, 2022
Bitcoin tracker hecho con python.

Bitcoin Tracker Precio del Bitcoin en tiempo real. Script simple hecho con python. Rollercoin RollerCoin es un juego en el que puedes ganar bitcoin (y

biyivi 3 Jan 04, 2022
Python bindings for Alexa Web Information Service (AWIS) API

Attention! This package is no longer maintained. See this ticket for more info. Wraps Alexa Web Information Service. Usage Making UrlInfo requests: ap

Atamert Ölçgen 51 Feb 12, 2022
WBMS automates sending of message to multiple numbers via WhatsApp Web

WhatsApp Bulk Message Sender - WBMS WBMS automates sending of message to multiple numbers via WhatsApp Web. Report Bug · Request Feature Love the proj

Akshay Parakh 3 Jun 26, 2022
Space Bot, a Discord bot built for HackerSpace Club of PES University

Space Bot Space Bot, a Discord bot built for HackerSpace Club of PES University What can Space Bot do? Space Bot allows you to lookup any mentor or to

HackerSpace @PESU 7 Oct 23, 2022
Frida-based ceserver.iOS analysis is possible with Cheat Engine.

frida-ceserver frida-based ceserver. iOS analysis is possible with Cheat Engine. Original by Dark Byte. Usage Install python library. pip install pack

87 Dec 30, 2022
VideoMergeDcBot1 - Video Merge Dc Bot for telegram

VIDEO MERGE BOT An Telegram Bot Demo 👉 @VideoMergeDcBot To Merge multiple Video

Selfie SD 2 Feb 04, 2022
Braintree Python library

Braintree Python library The Braintree Python library provides integration access to the Braintree Gateway. TLS 1.2 required The Payment Card Industry

Braintree 230 Dec 18, 2022
PyMusic Player is a music player written in python3.

PyMusic Player is a music player written in python3. It harvests r

PythonSerious 2 Jan 30, 2022