

To secure our AWS Cloud setup we use quite some tools: AWS Security Hub, AWS Inspector, AWS GuardDuty and ECR Vulnerability Scanning, just to name a few.

All these tools are both easy to set up and do a very nice job finding weaknesses and threats. The only issue I had is that often their findings stayed under the radar way too long. I’m not the person to check all these dashboards on a daily basis for new findings; I simply forget to do so.

On the other side, we heavily use Slack for chat and notifications from build pipelines, service changes, system errors, etc. All these notifications are collected in a dedicated room for which a company policy dictates that they should all be read. So ideally, we just had to add our security notifications to the same chatroom to get notified and to never miss a security issue again.

It turns out that showing all your security findings and alerts in your chat client is quite easy. Using AWS EventBridge, we collect all notifications on a single SNS topic named ‘security-issues’. On top of that, AWS Chatbot is configured to listen to that SNS topic and to forward all messages to Slack.

Creating the SNS Topic and setting up AWS Chatbot to listen to the SNS Topic and forward the messages to your chat client is very easy and done in a few clicks. The hardest part is capturing the EventBridge events and forwarding them to SNS, so here is the CloudFormation to help you out on that part:

    AWSTemplateFormatVersion: ''
    Description: Forward EventBridge security events to AWS SNS
    Parameters:
      Type: String
      Description: Contains the ARN of the SNS topic on which security issues are published.

    Name: detect-guardduty-findings
    Description: A CloudWatch Event Rule that triggers on Amazon GuardDuty findings.

    Ref: SecurityIssuesSnsTopic
    Id: SecurityTopic

    SecurityHubFindingEventRule:
    Name: detect-securityhub-findings
    Description: A CloudWatch Event Rule that triggers on Amazon Security Hub findings.

    Security Hub Findings - Custom Action
    resources:
    !Sub arn:aws:securityhub:$:action/custom/reportfindings
    Targets:
    Ref: SecurityIssuesSnsTopic
    Id: SecurityTopic

    EcrVulnerabilitiesEventRule:
    Name: detect-ecr-vulnerabilities
    Description: A CloudWatch Event Rule that triggers on Amazon ECR vulnerabilities.

    # UNDEFINED:
    #   - exists: false
    #   - numeric:
    Targets:
    Ref: SecurityIssuesSnsTopic
    Id: SecurityTopic

This should get you started in a matter of minutes 😄

Here’s what the result looks like in Slack. Pretty neat, isn’t it!?

Currently, all of the above message types are supported by AWS Chatbot except for the ECR Vulnerabilities. Hopefully this changes in the near future (for now I also have an email subscription on the SNS Topic to cover those).

Amazon Web Services has integrated its AWS Chatbot into Microsoft Teams to allow enterprise users to interact with AWS cloud resources from within the chat application. AWS Chatbot, which was first showcased in 2019 and made generally available in 2020, is a service that lets enterprise development and IT teams receive notifications about their AWS infrastructure resources from within a productivity or chat application such as Slack.
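The CloudFormation template in this post survives only in fragments, so here is a complete version as an added example; it is a reconstruction, not the author's original file. Assumptions not on the page: the format version string, the `GuardDutyFindingEventRule` logical ID, the `Type`/`Properties` wrappers, the GuardDuty and ECR event patterns (including the CRITICAL-only severity filter), and the `${AWS::Region}:${AWS::AccountId}` part of the custom action ARN.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Forward EventBridge security events to AWS SNS
Parameters:
  SecurityIssuesSnsTopic:
    Type: String
    Description: Contains the ARN of the SNS topic on which security issues are published.
Resources:
  GuardDutyFindingEventRule:  # logical ID assumed, not on the page
    Type: AWS::Events::Rule
    Properties:
      Name: detect-guardduty-findings
      Description: A CloudWatch Event Rule that triggers on Amazon GuardDuty findings.
      EventPattern:  # assumed: match every GuardDuty finding
        source: [aws.guardduty]
        detail-type: [GuardDuty Finding]
      Targets:
        - Arn: !Ref SecurityIssuesSnsTopic
          Id: SecurityTopic
  SecurityHubFindingEventRule:
    Type: AWS::Events::Rule
    Properties:
      Name: detect-securityhub-findings
      Description: A CloudWatch Event Rule that triggers on Amazon Security Hub findings.
      EventPattern:  # fires when the 'reportfindings' custom action is used on a finding
        source: [aws.securityhub]
        detail-type: ['Security Hub Findings - Custom Action']
        resources:
          - !Sub arn:aws:securityhub:${AWS::Region}:${AWS::AccountId}:action/custom/reportfindings
      Targets:
        - Arn: !Ref SecurityIssuesSnsTopic
          Id: SecurityTopic
  EcrVulnerabilitiesEventRule:
    Type: AWS::Events::Rule
    Properties:
      Name: detect-ecr-vulnerabilities
      Description: A CloudWatch Event Rule that triggers on Amazon ECR vulnerabilities.
      EventPattern:
        source: [aws.ecr]
        detail-type: [ECR Image Scan]
        detail:
          finding-severity-counts:
            # assumed filter: only scans reporting at least one CRITICAL finding
            CRITICAL: [{numeric: ['>', 0]}]
      Targets:
        - Arn: !Ref SecurityIssuesSnsTopic
          Id: SecurityTopic
```

EventBridge can only deliver to the topic if the topic's access policy allows the `events.amazonaws.com` service principal to call `sns:Publish`; without that statement the rules match but nothing reaches Slack.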
