I have installed aws_ir on an AWS Linux instance.
I am trying to run the instance-compromise command on this server for another AWS EC2 server. Here is the error I get, with Paramiko failing to connect to the server.
aws_ir --examiner-cidr-range '********' instance-compromise --target ******** --user ec2-user --ssh-key ~/sample.pem
2018-11-06T22:56:54 - aws_ir.cli - INFO - Initialization successful proceeding to incident plan.
2018-11-06T22:56:54 - aws_ir.libs.case - INFO - Initial connection to AmazonWebServices made.
2018-11-06T22:57:03 - aws_ir.libs.case - INFO - Inventory AWS Regions Complete 15 found.
2018-11-06T22:57:03 - aws_ir.libs.case - INFO - Inventory Availability Zones Complete 43 found.
2018-11-06T22:57:03 - aws_ir.libs.case - INFO - Beginning inventory of resources world wide. This might take a minute...
2018-11-06T22:57:03 - aws_ir.libs.inventory - INFO - Searching ap-south-1 for instance.
2018-11-06T22:57:13 - aws_ir.libs.case - INFO - Inventory complete. Proceeding to resource identification.
2018-11-06T22:57:13 - aws_ir.libs.connection - INFO - Returning session for default profile.
2018-11-06T22:57:13 - aws_ir.plans.host - INFO - Proceeding with incident plan steps included are ['gather_host', 'isolate_host', 'tag_host', 'snapshotdisks_host', 'examineracl_host', 'get_memory', 'stop_host']
2018-11-06T22:57:13 - aws_ir.plans.host - INFO - Executing step gather_host.
2018-11-06T22:57:13 - aws_ir.plans.host - INFO - Executing step isolate_host.
2018-11-06T22:57:15 - aws_ir.plans.host - INFO - Executing step tag_host.
2018-11-06T22:57:15 - aws_ir.plans.host - INFO - Executing step snapshotdisks_host.
True
2018-11-06T22:57:15 - aws_ir.plans.host - INFO - Executing step examineracl_host.
2018-11-06T22:57:17 - aws_ir.plans.host - INFO - Executing step get_memory.
2018-11-06T22:57:17 - aws_ir.plans.host - INFO - attempting memory run
2018-11-06T22:57:17 - aws_ir.plans.host - INFO - Attempting run margarita shotgun for ec2-user on 50.241.26.41 with /sample.pem
{
"uids": ["Lime Signing Key (Threat Response Official Lime Signing Key) security@threatresponse.cloud"],
"fingerprint": "EFB6A0CE172EF3D5C8BD67F20F66E271E68B0D50"
}
{
"uids": ["Lime Signing Key (Threat Response Official Lime Signing Key) security@threatresponse.cloud"],
"fingerprint": "EFB6A0CE172EF3D5C8BD67F20F66E271E68B0D50"
}
2018-11-06T22:57:37 - margaritashotgun - ERROR - Paramiko failed to connect to :22 with the exception: timed out
{'failed': ['*'], 'completed': [], 'total': 1}
2018-11-06T22:57:37 - aws_ir.plans.host - INFO - memory capture completed for: [], failed for: ['54.245.56.57']
2018-11-06T22:57:37 - aws_ir.plans.host - INFO - Executing step stop_host.