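### Check CloudTrail Configuration Across All Regions
# One describe_trails call per region. The combined table lists, for every
# trail found, the S3 bucket that receives its logs and whether the trail is
# multi-region.
region_arr = aws_helpers.get_region_array()
df_arr = []
for region in region_arr:
    cclient = boto3.client('cloudtrail', region_name=region)
    trails = cclient.describe_trails()['trailList']
    # columns= keeps the frame well-formed when a region returns an empty
    # trailList; selecting the columns from an empty frame raised KeyError
    # and aborted the whole survey.
    cdf = pd.DataFrame(trails, columns=['Name', 'S3BucketName', 'IsMultiRegionTrail'])
    df_arr.append(cdf)
ctedf = pd.concat(df_arr)
# describe_trails can report the same multi-region trail from several regions,
# so identical rows are collapsed before display.
# A region that has no trail adds no rows: when no listed trail is
# multi-region, compare the trail list against region_arr to find regions
# that are not logged at all.
display(HTML(ctedf.drop_duplicates().to_html(index=False)))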
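# Refresh the helper module so edits made to it during the session are picked
# up. One reload is enough; the second call before the lookup was redundant.
reload(cloudtrail_helpers)

# Look-back window for the CloudTrail lookup: the 48 hours ending now.
# NOTE(review): datetime.now() is a naive local timestamp - confirm that
# get_events_all_df interprets the window in the timezone you expect.
endtime = datetime.datetime.now()
interval = datetime.timedelta(hours=48)
starttime = endtime - interval

eventdf = cloudtrail_helpers.get_events_all_df(starttime, endtime)
# Resources is stored as plain strings from here on.
eventdf['Resources'] = eventdf['Resources'].astype(str)
# Untouched copy of the full event set; the root-activity cell restarts from
# it instead of querying CloudTrail again.
oeventdf = eventdf.copy()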
# PutConfigRule creates or updates an AWS Config rule, so these events show
# who changed the account's compliance rules inside the look-back window.
# readonly is handed to get_events_df as the string "false"; presumably that
# selects write (non-read-only) events - confirm against the helper.
readonly = "false"
eventdf = cloudtrail_helpers.get_events_df(
    "EventName", "PutConfigRule", starttime, endtime, readonly
)
print(eventdf.shape)

# EventTime arrives as '%m-%d-%Y:%H'; drop the hour so events group per day.
eventdf['EventTime'] = pd.to_datetime(
    eventdf['EventTime'], format='%m-%d-%Y:%H'
).apply(lambda stamp: stamp.strftime('%m-%d-%Y'))

# One row per (day, user agent, source IP) with the acting user names joined
# into a single comma-separated field.
sdf = eventdf[["EventTime", 'Username', 'userAgent', 'sourceIPAddress']]
sdf = (
    sdf.groupby(["EventTime", "userAgent", 'sourceIPAddress'])['Username']
    .agg(','.join)
    .reset_index(name='Usernames')
)
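# Root-account activity: restart from the full event set saved in oeventdf.
eventdf = oeventdf.copy()
print(eventdf.columns)
eventdf.userIdentity = eventdf.userIdentity.astype(str)
# NOTE(review): this is a substring match on the stringified identity, so any
# identity whose text merely contains "Root" (a role or user name, say) is
# kept as well. Confirm the userIdentity layout and match on its type field
# if exact root-only results are needed.
eventdf = eventdf[eventdf.userIdentity.str.contains("Root")]
eventdf = eventdf[['EventSource', 'EventName', 'Username', 'EventTime', 'sourceIPAddress']]
# One row per (time, service, user, source IP) with the event names joined.
eventdf = (
    eventdf.groupby(['EventTime', "EventSource", "Username", 'sourceIPAddress'])['EventName']
    .agg(','.join)
    .reset_index(name='Eventnames')
)
# Export the root-activity summary built above (eventdf). Writing sdf here
# shipped the PutConfigRule table from another cell under the root-activity
# file name.
# NOTE(review): fixed file name in shared /tmp - on a multi-user host another
# local user could read or pre-create it; confirm where the upload helper
# expects the file before moving it.
eventdf.to_csv("/tmp/rootactivity.csv")
link = lib_helpers.take_uploadfilename_return_link("rootactivity.csv", "rootactivity.csv")
display(md("##### Download the csv of the below table [here]({link})".format(link=link)))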
# Collect every IAM role in the account. list_roles is paginated: a response
# that carries a Marker has more pages, and that Marker is passed to the next
# call.
iam_client = boto3.client('iam')
items = []
response = iam_client.list_roles()
while response:
    items.extend(response['Roles'])
    if 'Marker' in response:
        response = iam_client.list_roles(Marker=response['Marker'])
    else:
        # No Marker: this was the last page, so end the loop.
        response = None
role_df = pd.DataFrame(items)
display (md(""" ## IAM Roles Summary | |
* No .of Roles: {noroles} |
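# Collect every IAM user in the account. list_users is paginated: a response
# that carries a Marker has more pages, and that Marker is passed to the next
# call.
iam_client = boto3.client('iam')
items = []
response = iam_client.list_users()
while response:
    items.extend(response['Users'])
    if 'Marker' in response:
        # Follow-up pages must come from list_users as well. Calling
        # list_roles here broke the inventory on any account with more than
        # one page of users, because a roles response has no 'Users' key.
        response = iam_client.list_users(Marker=response['Marker'])
    else:
        # No Marker: this was the last page, so end the loop.
        response = None
user_df = pd.DataFrame(items)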
display (md(""" ## IAM Users Summary |
# Fetch the role and user dataframes, each carrying its attached policies.
df, dfu = iam_analyze.prepare_role_df()

display(md(""" #### All Roles with Policy Full S3 Access """))
# NOTE(review): the heading says "Roles" but the filter runs on dfu, the
# second frame returned - confirm which of the two frames holds the roles.
dfu['AttachedManagedPolicies'] = dfu['AttachedManagedPolicies'].astype(str)
# Only the managed-policy name is matched here. Equivalent S3 access granted
# through an inline or customer-managed policy is not caught by this filter.
dfs3 = dfu[dfu['AttachedManagedPolicies'].str.contains("AmazonS3FullAccess", na=False)]
display(HTML(dfs3.to_html(index=False, justify="left")))

display(md(""" #### All Roles with Policy Full Administrator Access """))