aws

README

RISKEN AWS

RISKEN is a monitoring tool for your cloud platforms, web-site, source-code... RISKEN AWS is a security monitoring system for AWS that searches, analyzes, evaluate, and alerts on discovered threat information.

Please check RISKEN Documentation.

Installation

Requirements

This module requires the following modules:

• Go
• Docker
• Protocol Buffer

Install packages

This module is developed in the Go language, please run the following command after installing the Go.

$ make install

Building

Build the containers on your machine with the following command

$ make build

Running Apps

Deploy the pre-built containers to the Kubernetes environment on your local machine.

• Follow the documentation to download the Kubernetes manifest sample.
• Fix the Kubernetes object specs of the manifest file as follows and deploy it.

k8s-sample/overlays/local/aws.yaml

service	spec	before (public images)	after (pre-build images on your machine)
accessanalyzer	spec.template.spec.containers.image	public.ecr.aws/risken/aws/accessanalyzer:latest	aws/accessanalyzer:latest
adminchecker	spec.template.spec.containers.image	public.ecr.aws/risken/aws/adminchecker:latest	aws/adminchecker:latest
cloudsploit	spec.template.spec.containers.image	public.ecr.aws/risken/aws/cloudsploit:latest	aws/cloudsploit:latest
guardduty	spec.template.spec.containers.image	public.ecr.aws/risken/aws/guard-duty:latest	aws/guard-duty:latest
portscan	spec.template.spec.containers.image	public.ecr.aws/risken/aws/portscan:latest	aws/portscan:latest

CloudSploit

Customize CloudSploit

You can customize CloudSploit by accessing the link below. https://github.com/ca-risken/common/blob/master/pkg/cloudsploit/README.md

Community

Info on reporting bugs, getting help, finding roadmaps, and more can be found in the RISKEN Community.

License

MIT.