Friday, February 12, 2016

Videowall for SOC. v2

You certainly need one for visibility of security events. It could be an LCD, a plasma panel or just a projector.

Usually you have more than 5 different security management programs (SIEM, IDS management, system logs, cloud monitoring, etc.), so you need a way to show all of them on the display. You can't tile one display with all these windows: there is not enough resolution for that amount of information.
Recently I rewrote the quite useful script from my previous post to do just one simple thing: activate the Chrome browser and switch tabs. New days, guys: all our security dashboards are now in the browser.

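' Cycle through the Chrome tabs that hold the security dashboards.
Set WshShell = WScript.CreateObject("WScript.Shell")
ex = True
WshShell.AppActivate "Google Chrome"
Do
  ' 2116 is a process ID (AppActivate takes a window title or a process ID);
  ' replace it with the PID of your own Chrome process.
  WshShell.AppActivate 2116
  WshShell.SendKeys "^{TAB}"   ' Ctrl+Tab: switch to the next tab
  WScript.Sleep 10000          ' interval between tabs, in milliseconds
  ' Starting Notepad is the stop signal: AppActivate returns True once its window exists.
  If WshShell.AppActivate("Untitled - Notepad") Then ex = False
Loop While ex = True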

It lets you see and read all the security information on the video wall and adjust the display interval between tabs.

PS. You must run notepad.exe to kill the script.

Wednesday, February 3, 2016

AWS CloudFormation template security group viewer

Almost any AWS CloudFormation template is more than long enough. That's OK when you are dealing with relatively "static" resources, but it becomes a big problem for something far more dynamic, like a security group.
This is the kind of resource you need to modify and review a lot, especially if you are a cloud security professional. Reading AWS CloudFormation template JSON manually makes your life miserable, and you can easily miss a bunch of security problems and holes.
My small aws_secgroup_viewer Python program helps you quickly review and analyse all the security groups in your template.

     https://github.com/IhorKravchuk/it-security/blob/master/aws_secgroup_viewer.py

It supports both security group notations used by CloudFormation: firewall rules declared inside the security group, or as separate resources linked to the group.
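
Both notations, shown in an added example that is not the aws_secgroup_viewer.py script linked above: it merges inline rules and separately declared `AWS::EC2::SecurityGroupIngress`/`Egress` resources under the group they belong to, then lists ingress open to any address. The template, its resource names and the function names are constructed for illustration.

```python
SG = "AWS::EC2::SecurityGroup"
LINKED = {SG + "Ingress": "ingress", SG + "Egress": "egress"}
INLINE = {"SecurityGroupIngress": "ingress", "SecurityGroupEgress": "egress"}
PEER_KEYS = ("CidrIp", "CidrIpv6", "SourceSecurityGroupId", "DestinationSecurityGroupId")

# Constructed sample template (added example, not the post's script): WebSG has an
# inline rule; SshIn is a separate resource linked to WebSG through GroupId.
SAMPLE = {"Resources": {
    "WebSG": {"Type": SG, "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "SshIn": {"Type": SG + "Ingress", "Properties": {
        "GroupId": {"Ref": "WebSG"}, "IpProtocol": "tcp",
        "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}},
    "DbSG": {"Type": SG, "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "SourceSecurityGroupId": {"Fn::GetAtt": ["WebSG", "GroupId"]}}]}},
}}

def logical_id(value):
    """Reduce {"Ref": x} or {"Fn::GetAtt": [x, attr]} to the logical ID x."""
    if isinstance(value, dict) and "Ref" in value:
        return value["Ref"]
    if isinstance(value, dict) and isinstance(value.get("Fn::GetAtt"), list):
        return value["Fn::GetAtt"][0]
    return str(value)

def flatten(direction, rule, origin):
    """Normalise one rule; origin is "inline" or the linked resource's name."""
    peer = next((logical_id(rule[k]) for k in PEER_KEYS if k in rule), "?")
    return {"dir": direction, "proto": rule.get("IpProtocol"), "peer": peer,
            "origin": origin, "ports": (rule.get("FromPort"), rule.get("ToPort"))}

def collect_rules(template):
    """Map each group's logical ID to its rules from both notations."""
    groups = {}
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == SG:
            rules = groups.setdefault(name, [])
            for key, direction in INLINE.items():
                rules += [flatten(direction, r, "inline") for r in props.get(key, [])]
        elif res.get("Type") in LINKED:
            target = logical_id(props.get("GroupId"))
            groups.setdefault(target, []).append(flatten(LINKED[res["Type"]], props, name))
    return groups

def open_ingress(groups):
    """List (group, ports) for ingress rules open to any IPv4/IPv6 address."""
    return [(g, r["ports"]) for g, rules in groups.items() for r in rules
            if r["dir"] == "ingress" and r["peer"] in ("0.0.0.0/0", "::/0")]
```

Load a real template with `json.load` and pass it to `collect_rules`; the `origin` field shows whether a rule came from the group itself or from a separate resource that is easy to overlook in a long template.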