aws-samples / aws-iot-device-defender-agent-sdk-python Goto Github PK

it seems does not work now .

2020-06-15 04:31:52,432 - AWSIoTPythonSDK.core.protocol.mqtt_core - ERROR - Connect timed out
Traceback (most recent call last):
File "agent.py", line 174, in
main()
File "agent.py", line 140, in main
iot_client.connect()
File "agent.py", line 77, in connect
self.iot_client.connect()
File "/usr/local/lib/python2.7/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 513, in connect
return self._mqtt_core.connect(keepAliveIntervalSecond)
File "/usr/local/lib/python2.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 199, in connect
raise connectTimeoutException()
AWSIoTPythonSDK.exception.AWSIoTExceptions.connectTimeoutException

Hi,

I was just wondering if you are planning a new release pointing to the latest version of awsiotsdk?

I've followed the instructions to deploy this function to a Greengrass Core running on a Rasperry Pi, and I'm seeing an issue in my logs:

[2018-12-12T16:09:58.94Z][FATAL]-lambda_runtime.py:356,Failed to initialize Lambda runtime due to exception: cannot import name _psutil_linux

This message is showing up in /greengrass/ggc/var/log/user/us-east-1/myaccountid/greengrass_defender_metrics_lambda.log.

I've tried re-installing psutil locally, re-copied it into the metrics_lambda and then zipping a new version of the function and uploading it to the Lambda console, redeployed to the GG group, but without success.

Based on my understanding of how this should work, the Lambda function running on the GG device should pull its dependencies from the included dependencies uploaded as part of the zip folder, but the version of psutil included does not seem to be the right version. Is this because I ran pip install psutil on OSX and not on a Linux machine?

Describe the bug
Can't seem to be able to configure AWS Device Defender Security Profile with the data Bytes In / Bytes Out that Greengrass device defender sends from this Python SDK.

To Reproduce
Greengrass component setup using the following (this component is using aws-iot-device-defender-agent-sdk-python)

    "aws.greengrass.DeviceDefender": {
      "componentVersion": "3.0.0",
      "configurationUpdate": {
        "merge": "{\"SampleIntervalSeconds\":300,\"UseInstaller\":true}"
      }
    }

Security Profile with following criteria (here as IaC, can be created manually in AWS Console):

        {
          name: "BytesIn",
          criteria: {
            comparisonOperator: "less-than-equals",
            consecutiveDatapointsToAlarm: 1,
            consecutiveDatapointsToClear: 3,
            durationSeconds: 300,
            value: {
              count: "100000",
            },
          },
          metric: "aws:all-bytes-in",
          suppressAlerts: true,
        }

Expected behavior
Between two data points of 5 min interval, we never have more than 100000 Bytes sent. It should not alarm.

Actual behavior
Instead it alarms, most probably because instead of making the difference in bytes between two data points, what's being pushed is a cumulative BytesIn values which never cease to increase over time?

Should this component be changed to send delta between two datapoints to be compatible with a Security Profile? Or otherwise how can we use the BytesIn BytesOut data as pushed by this component in a Device Defender Security Profile?

More Information
Navigating to Defend -> Detect -> Security Profile -> Defender Metrics -> Bytes In.

The resulting graph looks like this:

As you can see Bytes In is steadily growing. From one data point to another (at 5 min Interval), there is never more than a 50,000 Bytes difference. Our IoT device is supposed to push and pull data at a steady rate (the graph confirms it is indeed the case).

We would like to setup a defender rule in our security profile around these metrics (BytesIn and Out). Essentially saying that between two data points (5 min interval) there should never be more than 100,000 Bytes difference (bumping a bit the previous 50,000 value). How can we do this with our security profile rule?

Our understanding was that the rule we talked about earlier would do just this:

But it alarms unfortunately. And when it does, it shows the total number of BytesIn : 34104770 which is the sum of two Bytes In metric that are sent within 5 min interval.

So if the rule itself for "aws:all-bytes-in" (in the security profile) is doing a sum of what's being sent during the interval Duration, then that means that the rule anticipates the metrics to send a delta of Bytes In rather than a cumulative value we would think.

Otherwise, if we are mistaken, then how can we use the Bytes In / Bytes Out metrics as it is currently being sent by this component into a Device Defender Security Profile: how can we put a threashold on something that never stops growing?

NB: this problem was originally described in the aws-greengrass-device-defender. aws-greengrass/aws-greengrass-device-defender#3
We have been asked to log this issue directly here as the Greengrass Component appears to be just a wrapper around this SDK.

Thanks a lot for your help!