Container Security Platform Automation

This repository contains the files needed to single-click deploy AWS infrastructure and set up Falco (a sys-call based container IDS) via Cloudformation templates and bash scripts.

For a detailed walkthrough

Take a look at this blog post.

A Brief Overview

Cloudformation Inputs

EC2-instace Type.
IP Address to whitelist for Kibana.
SSH key pair name.

Cloudformation Outputs

VPC, (public) subnet, non-elastic IP assignment, IGW, route tables.
EBS volume, EC2 instance, appropriate security groups.
EC2 user-data script that downloads and runs ec2_setup.sh from this repo.

ec2_setup.sh

Installs all neccessary components.
Runs containerized instances of Elasticsearch, Kibana and Falco event-generator.
Runs Falco with a custom config and Python <-> ES integration.
Configures indices and dashboards via the Kibana API by importing the file dashboard_export.json.

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
README.md		README.md
aggregate_alerts.py		aggregate_alerts.py
cloudformation_stack.yaml		cloudformation_stack.yaml
dashboard_export.json		dashboard_export.json
ec2_setup.sh		ec2_setup.sh
falco_custom.yaml		falco_custom.yaml
kib_dashboard_updated.png		kib_dashboard_updated.png
kibana_visaluzation_sample.png		kibana_visaluzation_sample.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Container Security Platform Automation

For a detailed walkthrough

A Brief Overview

Outputs

About

Releases

Packages

Languages

anishsujanani/container-monitoring-platform-automation

Folders and files

Latest commit

History

Repository files navigation

Container Security Platform Automation

For a detailed walkthrough

A Brief Overview

Outputs

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages