nuvola (with the lowercase n) is a tool to dump and perform automated and manual security analysis on AWS environment configurations and services, using predefined, extensible and custom rules written in a simple YAML syntax.
The general idea behind this project is to create an abstracted digital twin of a cloud platform. For a more concrete example: nuvola mirrors the BloodHound approach used for Active Directory analysis, but applied to cloud environments (at the moment only AWS).
Using a graph database also increases the chances of finding different and novel attack paths, and the graph can be used as an offline, centralised and lightweight digital twin.
Quick Start
Requirements
- docker-compose installed
- an AWS account configured for use with awscli, with full read access to the cloud resources, preferably in ReadOnly mode (the policy arn:aws:iam::aws:policy/ReadOnlyAccess is fine)
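Because the dump only needs read access, it is worth checking up front that the awscli profile you hand to nuvola carries nothing beyond read-only managed policies. The script below is an added example, not part of nuvola: it assumes boto3 is installed, that the profile (default_RO here) exists in your local AWS config, and that the allowlist entries other than ReadOnlyAccess are placeholders to adjust for your organisation.

```python
"""Pre-flight check for the awscli profile nuvola dumps with: flag attached managed
policies outside a read-only allowlist and list inline policies for manual review.
Added example, not part of nuvola; assumes boto3 is installed."""
import sys

# ReadOnlyAccess is what the README recommends; SecurityAudit is an assumed extra.
READ_ONLY_POLICIES = {
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
    "arn:aws:iam::aws:policy/SecurityAudit",
}

def classify_policies(attached_arns, allowlist=READ_ONLY_POLICIES):
    """Split managed-policy ARNs into (allowed, suspicious), both sorted."""
    allowed = sorted(a for a in attached_arns if a in allowlist)
    suspicious = sorted(a for a in attached_arns if a not in allowlist)
    return allowed, suspicious

def attached_policy_arns(session):
    """Return (managed policy ARNs, inline policy names) for the caller identity:
    an IAM user (directly and via its groups) or an assumed role."""
    iam = session.client("iam")
    arn = session.client("sts").get_caller_identity()["Arn"]
    managed, inline = [], []
    if ":user/" in arn:
        user = arn.rsplit("/", 1)[-1]
        managed += [p["PolicyArn"] for p in
                    iam.list_attached_user_policies(UserName=user)["AttachedPolicies"]]
        inline += iam.list_user_policies(UserName=user)["PolicyNames"]
        for g in iam.list_groups_for_user(UserName=user)["Groups"]:
            managed += [p["PolicyArn"] for p in iam.list_attached_group_policies(
                GroupName=g["GroupName"])["AttachedPolicies"]]
    elif ":assumed-role/" in arn:
        role = arn.split("/")[-2]  # .../assumed-role/<RoleName>/<SessionName>
        managed += [p["PolicyArn"] for p in
                    iam.list_attached_role_policies(RoleName=role)["AttachedPolicies"]]
        inline += iam.list_role_policies(RoleName=role)["PolicyNames"]
    return managed, inline

def main(profile="default_RO"):
    import boto3  # imported here so the helpers above stay importable without it
    managed, inline = attached_policy_arns(boto3.Session(profile_name=profile))
    allowed, suspicious = classify_policies(managed)
    print(f"profile {profile}: read-only policies {allowed}")
    for item in suspicious + inline:
        print(f"  review before dumping: {item}")
    return 0 if not suspicious and not inline else 1

if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:2]))
```

Run it as `python3 check_profile.py default_RO` before the dump step; a non-zero exit means the profile has permissions that should be reviewed first. Permissions boundaries and SCPs are not inspected.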
Setup
- Clone the repository
git clone --depth=1 https://github.com/primait/nuvola.git; cd nuvola
- Create and, if required, edit the .env file to set your DB username/password/URL
- Start the Neo4j docker instance
- Build the tool
Usage
- First, dump all the supported AWS service configurations and load the data into the Neo4j database:
./nuvola dump -profile default_RO -outputdir ~/DumpDumpFolder -format zip
- To import a previously executed dump into the Neo4j database:
./nuvola assess -import ~/DumpDumpFolder/nuvola-default_RO_20220901.zip
- To only run the static assessments against the data already loaded into the Neo4j database, using the predefined ruleset:
- Or use Neo4j Browser to explore the digital twin manually.
About nuvola
To get started with nuvola and its database schema, check out the nuvola Wiki.
No data is sent to or shared with Prima Assicurazioni.
How to contribute
- reporting bugs and issues
- proposing new improvements
- reviewing issues and pull requests
- fixing bugs and issues
- creating new rules
- improving the overall quality
Presentations
License
nuvola uses graph theory to reveal possible attack paths and security misconfigurations in cloud environments.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this repository and program. If not, see http://www.gnu.org/licenses/.