dowjones / hammer Goto Github PK

It looks like during the below change to asynchronous API, docs/pages/* weren't updated to cover a new required parameter in config.json for all the playbooks. d07b202

Relatedly one might consider the architecture diagram out of date based on this change.

If an account has more than 1 MB data for a specific issue, then IssueOperations.get_account_open_issues() doesn't return all open issues. We should pagination support to this method.

Hi. Does this not require a slack API key for log forwarding? Let me know if I am missing something here?

Several AWS APIs use paging, which requires multiple API calls to retrieve the whole resultset. Paginators would allow Hammer to work with such APIs efficiently. It would also make sure that Hammer won't miss any resources for analysis:
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/paginators.html

Hey, I'm a student currently researching on DJ Hammer for a school project. I am trying to gather accurate and up-to-date information about Dow Jones Hammer's current status and operations. Specifically, I am interested in whether the company is still providing its services or if there have been any recent developments, such as changes in operations or closure. Does anyone have any information regarding about this?

Terraform v0.11.14

• provider.aws v2.16.0
• provider.template v2.1.2

Error running plan: 1 error occurred:

• module.roles-crossaccount.aws_cloudformation_stack.identification_crossaccount_role: "template_body" contains an invalid JSON: invalid character ']' looking for beginning of value

Under library/aws/security_groups.py, the ipaddress.ip_network() call errors out if the network has host bits set.

Setting strict to 'False' so this call doesn't error out.
elif ipaddress.ip_network(cidr, False).is_global:

hammer-api returns 502 Internal Server Error on call to LATEST/identify.

From hammer-api CloudWatch logs:

Traceback (most recent call last):
File "/var/task/entrypoint.py", line 22, in wrapper
response = handler(event, context)
File "/var/task/entrypoint.py", line 191, in lambda_handler
return start_scan(account_id, regions, security_features, tags, ids)
File "/var/task/entrypoint.py", line 95, in start_scan
topic_name = config.get_module_config_by_name(security_feature).sns_topic_name
File "/var/task/library/config.py", line 532, in sns_topic_name
return self._config['topic_name']
KeyError: 'topic_name'

I ran: scan account 123
Got this:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/slackbot/dispatcher.py", line 55, in _dispatch_msg_handler
func(Message(self._client, msg), *args)
File "/hammer-correlation-engine/bot/commands.py", line 322, in start_scan_conversation
return ask_question(message, 0)
File "/hammer-correlation-engine/bot/commands.py", line 291, in ask_question
QUESTIONS[question_number]'question_func'
File "/hammer-correlation-engine/bot/commands.py", line 275, in ask_regions
supported_regions = config.aws.regions
File "/hammer-correlation-engine/library/config.py", line 466, in regions
ec2 = boto3.client('ec2')
File "/usr/local/lib/python3.6/site-packages/boto3/init.py", line 91, in client
return _get_default_session().client(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/boto3/session.py", line 263, in client
aws_session_token=aws_session_token, config=config)
File "/root/.local/lib/python3.6/site-packages/botocore/session.py", line 838, in create_client
client_config=config, api_version=api_version)
File "/root/.local/lib/python3.6/site-packages/botocore/client.py", line 86, in create_client
verify, credentials, scoped_config, client_config, endpoint_bridge)
File "/root/.local/lib/python3.6/site-packages/botocore/client.py", line 328, in _get_client_args
verify, credentials, scoped_config, client_config, endpoint_bridge)
File "/root/.local/lib/python3.6/site-packages/botocore/args.py", line 73, in get_client_args
endpoint_url, is_secure, scoped_config)
File "/root/.local/lib/python3.6/site-packages/botocore/args.py", line 155, in compute_client_args
endpoint_bridge=endpoint_bridge,
File "/root/.local/lib/python3.6/site-packages/botocore/args.py", line 230, in _compute_endpoint_config
service_name, region_name, endpoint_url, is_secure)
File "/root/.local/lib/python3.6/site-packages/botocore/client.py", line 402, in resolve
service_name, region_name)
File "/root/.local/lib/python3.6/site-packages/botocore/regions.py", line 122, in construct_endpoint
partition, service_name, region_name)
File "/root/.local/lib/python3.6/site-packages/botocore/regions.py", line 135, in _endpoint_for_partition
raise NoRegionError()
botocore.exceptions.NoRegionError: You must specify a region.

We should be able to leverage AWS' trusted advisor checks with Hammer's continuous monitoring service.

Opening this issue to tag in my PR. It will enable two trusted advisor checks, and bring over the zipped lambdas, changes in some permissions, config files, and utility functions.

user@host:~/hammer/deployment/terraform$ terraform init
Initializing modules...

• module.ddb
  Getting source "modules/ddb"
• module.roles-master
  Getting source "modules/roles-master"
• module.roles-crossaccount
  Getting source "modules/roles-crossaccount"
  Error downloading modules: Error loading modules: module roles-crossaccount: duplicated. module names must be unique

There is no sources.tf in the roles-crossaccount module.

Hello team,

I stumbled upon this project and noticed that it's hard for a newcomer to understand what hammer is doing not per ce, but in comparison with AWS security products. Now I understand briefly what project do, but without research on my own I can't say where I could use it, and where it's shadowing existing AWS services.
To name a few from Cloud Security page:

• Cloud Trail
• Cloudwatch
• AWS Security Hub
• Amazon Inspector
• Amazon GuardDuty
• Amazon Macie

AWS Security Hub was released just June 24 2019 which would make this comparison actual and very interesting.

Can I suggest someone experienced write such report on what is hammer place in the AWS ecosystem and post it somewhere alongside project documentation?