Mike Grima
@mikegrima
If GCP has some logs (like the CloudTrail equiv) that could also shed some light
22vibhutigoel
@22vibhutigoel
Hi ... I'm trying to install security-monkey on an AWS instance and added an AWS account, but it's not showing any data on the dashboard
@here
Anyone have documentation to install Security Monkey on Kubernetes?
jibz08
@jibz08
Hi @mikegrima, how can I make API calls to Security Monkey?
Mike Grima
@mikegrima
It's painful
You need to follow the login path to get an api token
and add the auth data headers in the request
It's one of the reasons why we're deprecating it
Joakim Uddholm
@Tethik
Is there a way to get when an account was last scanned? Would like to set up some monitoring on this.
Zach
@zpritcha
Your best bet would be parsing the log files, but outside of that there's no feature for getting when an account was last scanned. It would be much easier to just parse your own cloudtrail logs to find when the role was last used in that account
If you're looking to ensure it runs every X hours for an account, write a lambda that checks your cloudtrail logs to see if the role was used in that account. Trigger it via a CW Rule every X hours
Joakim Uddholm
@Tethik
Thanks @zpritcha ! Will see what I can do with cloudtrail :)
jibz08
@jibz08
@mikegrima I have configured SES for Security Monkey, but I'm not receiving any emails
jibz08
@jibz08
Provide me some troubleshooting steps.
jibz08
@jibz08
@mikegrima How do I drop a user login, or can I change the email?
Also, when the emails are sent, by default the email is sent to the user's email address. How do I disable that?
jibz08
@jibz08

$ monkey create_user "you@youremail.com" "Admin"

Password:
Confirm Password:

How do I delete this user (you@youremail.com) or drop it?
jibz08
@jibz08
@mikegrima, I have resolved the issue. I know delete user is broken, so we need to use the toggle command to disable the user or make it inactive. So now I'm getting emails using SES SMTP. Thank you.
jibz08
@jibz08
@mikegrima, I have a query: when we make changes to any resource, can we get an alert on who made those changes? Do I need to enable something on AWS?
If CloudTrail is enabled for the resource, will monkey send me the alert for the user who made EC2 changes?
Mike Grima
@mikegrima
We were never able to complete that functionality
We would recommend (and are recommending) users to make use of AWS Config instead of Security Monkey, which is currently in maintenance mode
pacebao
@pacebaotwt_twitter
Hi everyone, how is it possible to get the securitygroup and some other techs' scores, like shown in the dashboard, from the console via a script/plugin?
Michael Stair
@mstair
custom alerter might be easiest
pacebao
@pacebaotwt_twitter
I couldn't manage to get counts via custom alerters
pacebao
@pacebaotwt_twitter
@mstair @mikegrima please and thank you
Michael Stair
@mstair
sorry @pacebaotwt_twitter …. you are trying to extract metrics like displayed on the dashboard?
pacebao
@pacebaotwt_twitter
yes correct
Michael Stair
@mstair
@mikegrima answered this above not long ago (re using API):
"It's painful
You need to follow the login path to get an api token
and add the auth data headers in the request
It's one of the reasons why we're deprecating it"
Mike Grima
@mikegrima
/all As an FYI, I am planning on adding a major note to the main readme for Security Monkey mentioning that it is deprecated and that you should not be using it for production purposes.
Primary reasons for this:
  • 2020 Python 2 deprecation - Migrating to Python 3 is too much work and not worth the effort
  • SM just doesn't scale in large environments
  • Efforts like AWS Config are solving our major use cases around the initial solution that we were seeking to solve with Security Monkey
  • The SM UI code is written in Dart 1.0 and migrating to React or something more modern is A LOT of work
  • We want CloudTrail context, and the ability to drive more event driven use cases. Having a loosely coupled system will scale better vs the SM monolith and enable use cases that Security Monkey itself could not effectively handle
Mike Grima
@mikegrima
While I understand that AWS Config only addresses AWS, Netflix (the main maintainer of SM) is primarily an AWS shop, and we are going to dedicate our resources to that. I would highly encourage you to reach out to your TAMs and other representatives of other cloud providers to develop an AWS Config type of solution for the respective cloud.
pacebao
@pacebaotwt_twitter
yeah, it shouldn't be so hard to get the tech scores by script tho
It would be really appreciated if someone can help me out
Mike Grima
@mikegrima
@pacebaotwt_twitter , as @mstair mentioned, this would be best accomplished via a custom alerter. From there, you would have full access to the database and be able to fetch and retrieve any data you need.
To be honest though... the security verification checks and scores are very much broken
I'd be surprised if they are that useful
Gerardo Hernandez
@ghernandez2_gitlab
Anyone having issues where justified issues come back?
I had that one before and now they are back
Enter security monkey after a while and lots of justified issues now are unjustified again
Mike Grima
@mikegrima
This has happened before -- the issues system is broken
Please do not rely on it