A project that sets up partitioned Athena tables for CloudTrail logs and updates partitions nightly.
This repository contains scripts and guidance that can be used as a proof-of-concept to generate Amazon GuardDuty findings related to real AWS resources. There are multiple tests that can be run independently or together depending on the findings you are looking to generate. These scripts do not generate examples for every possible GuardDuty finding type but do help provide insight that can help in understanding how to view and respond to GuardDuty findings for resources deployed in your environment. It is recommended that these tests be deployed in a non-production account to ensure that findings generated by these tests can be clearly identified. Additionally, the permissions to deploy these tests are quite broad and using a non-production account helps to ensure that these permissions are contained to an account where the impact of these permissions is reduced. The following tests are available in this repository: Findings related to EC2 instances and Malware protection, Findings related to EKS clusters on EC2 using Kubernetes Audit Logs and EKS Runtime protection, Generating findings related to EC2 instances and Malware protection.
A project that sets up partitioned Athena tables for CloudTrail logs and updates partitions nightly.
A Python script that lists all main resources of your AWS account, helping you find resources that affect billing and/or security.
A tool that determines what AWS API calls are logged by CloudTrail and what they are logged as, and can also be used as an attack simulation framework.
Ice provides a birds-eye view of cloud resources and usage patterns in AWS.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
A tool to analyze and audit AWS environments for security issues and misconfigurations.