Operationalizing the AlienVault Sensor CloudFormation Template - Part 4

This is part 4 in a series of articles. To follow along via code, visit the GitHub repository. In the last article, I reviewed the template for operational and security risks. Let’s go fix some of them now. Making unsafe defaults safe: first, some guard rails are added to the template. Remove the Default attribute from both SSHLocation and HTTPLocation, so that the caller has to specify them when deploying the CloudFormation template. That way, if the caller does use 0.0.0.0/0, it is a decision they have made explicitly, not one the template made for them. ...

November 26, 2020 · 3 min · 555 words · Scott Brown

Operationalizing the AlienVault Sensor CloudFormation Template - Part 3

This is part 3 in a series of articles. To follow along via code, visit the GitHub repository. The last article discussed some refactoring using new(-ish) CloudFormation features that improve readability and reduce the template’s file size. This article temporarily moves away from template modifications and focuses on how someone can review a CloudFormation template for security and operational risks. Parameters: let’s start with the Parameters section, because that is going to tell us what dependencies we need to bring into this template from our AWS or organizational environment. ...

November 24, 2020 · 9 min · 1852 words · Scott Brown
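The Part 3 excerpt above starts a template review at the Parameters section, and the Part 4 excerpt fixes what such a review finds: CIDR parameters that default to 0.0.0.0/0. The following is an added example (my own code, not from the series or the vendor's template) that puts both on one page: a constructed "before" Parameters section with the wide-open defaults, a constructed "after" with the Default attributes removed and an AllowedPattern added, a check that flags any parameter whose Default is a /0 network, and a small resolver that behaves like a stack deployment, failing fast when a no-Default parameter is not supplied. The parameter names SSHLocation and HTTPLocation come from the excerpts; the descriptions, the InstanceType parameter, the 203.0.113.0/24 value and the regex are assumptions for illustration. A real template would be loaded with json (or a YAML loader that tolerates intrinsic-function tags) instead of the inline dicts.

```python
import ipaddress
import re

# Constructed sample templates (Python dicts in CloudFormation's JSON shape), not the
# vendor's real template. Only the Parameters section matters for these checks.
TEMPLATE_BEFORE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "SSHLocation": {
            "Type": "String",
            "Description": "CIDR block allowed to SSH to the sensor",
            "Default": "0.0.0.0/0",  # unsafe default: SSH reachable from anywhere
        },
        "HTTPLocation": {
            "Type": "String",
            "Description": "CIDR block allowed to reach the sensor web UI",
            "Default": "0.0.0.0/0",  # unsafe default: web UI reachable from anywhere
        },
        "InstanceType": {"Type": "String", "Default": "t3.medium"},
    },
}

# Hardened version: Default removed from both CIDR parameters, so the caller must
# choose. AllowedPattern (CloudFormation matches it against the whole value) keeps
# the value a CIDR; it deliberately does not forbid 0.0.0.0/0, which stays the
# caller's explicit decision. The regex is an assumption, not the vendor's.
CIDR_PATTERN = r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})"
TEMPLATE_AFTER = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "SSHLocation": {
            "Type": "String",
            "Description": "CIDR block allowed to SSH to the sensor",
            "AllowedPattern": CIDR_PATTERN,
            "ConstraintDescription": "must be a valid IPv4 CIDR, e.g. 203.0.113.0/24",
        },
        "HTTPLocation": {
            "Type": "String",
            "Description": "CIDR block allowed to reach the sensor web UI",
            "AllowedPattern": CIDR_PATTERN,
            "ConstraintDescription": "must be a valid IPv4 CIDR, e.g. 203.0.113.0/24",
        },
        "InstanceType": {"Type": "String", "Default": "t3.medium"},
    },
}


def open_cidr_defaults(template):
    """Names of parameters whose Default is an 'anywhere' network (/0, IPv4 or IPv6)."""
    found = []
    for name, spec in template.get("Parameters", {}).items():
        default = spec.get("Default")
        if not isinstance(default, str):
            continue
        try:
            network = ipaddress.ip_network(default, strict=False)
        except ValueError:
            continue  # not a CIDR at all (instance type, key name, ...)
        if network.prefixlen == 0:
            found.append(name)
    return found


def missing_required(template, supplied):
    """Parameters that have no Default and were not supplied by the caller."""
    return [
        name
        for name, spec in template.get("Parameters", {}).items()
        if "Default" not in spec and name not in supplied
    ]


def resolve_parameters(template, supplied):
    """Merge caller values with Defaults the way a stack deployment does.

    Raises ValueError if a no-Default parameter is missing or a value fails its
    AllowedPattern: the early failure the hardened template is designed to produce."""
    missing = missing_required(template, supplied)
    if missing:
        raise ValueError(f"no value for required parameter(s): {', '.join(missing)}")
    resolved = {}
    for name, spec in template.get("Parameters", {}).items():
        value = supplied.get(name, spec.get("Default"))
        pattern = spec.get("AllowedPattern")
        if pattern is not None and not re.fullmatch(pattern, str(value)):
            raise ValueError(f"{name}={value!r}: {spec.get('ConstraintDescription', 'bad value')}")
        resolved[name] = value
    return resolved


if __name__ == "__main__":
    print("open defaults (before):", open_cidr_defaults(TEMPLATE_BEFORE))
    print("open defaults (after): ", open_cidr_defaults(TEMPLATE_AFTER))
    print("missing if the caller passes nothing:", missing_required(TEMPLATE_AFTER, {}))
    office = {"SSHLocation": "203.0.113.0/24", "HTTPLocation": "203.0.113.0/24"}
    print("resolved:", resolve_parameters(TEMPLATE_AFTER, office))
```

Run as a script it reports the two wide-open defaults in the "before" template, none in the "after" template, and shows that deploying the hardened template without choosing the CIDRs is rejected before anything is created. The /0 check is written against ipaddress rather than a string compare so that ::/0 and sloppy spellings such as 0.0.0.0/00 are caught too.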

Operationalizing the AlienVault Sensor CloudFormation Template - Part 2

This is part 2 in a series of articles. To follow along via code, visit the GitHub repository. In the last article, I showed how we can improve the operational capabilities of the AlienVault sensor deployment in AWS simply by adding some automation and formatting changes to the generic CloudFormation template supplied to customers. Let’s further improve the YAML template, making it more readable and less code-heavy by using the newest features of CloudFormation. ...

November 22, 2020 · 8 min · 1578 words · Scott Brown

Operationalizing the AlienVault Sensor CloudFormation Template - Part 1

This is part 1 in a series of articles. To follow along via code, visit the GitHub repository. I recently needed to review the AlienVault Sensor deployment for AWS and, well, it left me wanting more. Many companies are smart to offer infrastructure-as-code for their appliances. It provides customers with a near one-click deployment model. It also provides customers with insight into what permissions, servers, and resources the appliance will require. The issue with vendor-supplied code is that it needs to apply to a generic customer base: a sort of lowest-common-denominator scenario where insecure defaults are chosen so that the template fits various environments and customers with various skill levels. ...

November 21, 2020 · 8 min · 1656 words · Scott Brown