
graylog-plugin-aws - Several bundled Graylog plugins to integrate with different AWS services like CloudTrail and FlowLogs

  •    Java

Since Graylog version 2.4.0, this plugin is already included in the Graylog server installation package as a default plugin. Download the plugin and place the .jar file in your Graylog plugin directory. By default, the plugin directory is the plugins/ folder relative to your graylog-server directory; it can be configured in your graylog.conf file.

terraform-aws-cloudtrail-s3-bucket - S3 bucket with built-in IAM policy to allow CloudTrail logs

  •    HCL

Terraform module to provision an S3 bucket with a built-in policy to allow CloudTrail logs. This is useful if an organization uses a number of separate AWS accounts to isolate the Audit environment from other environments (production, staging, development).

cloudtrailbeat - Easily export AWS CloudTrail events to ElasticSearch

  •    Go

This is a beat for the Amazon Web Services (AWS) CloudTrail service. CloudTrailBeat relies on a combination of SNS, SQS and S3 to create a processing 'pipeline' that handles new log events quickly and efficiently. The beat polls the SQS queue for notifications that a new CloudTrail log file is available for download in S3. Each log file is then downloaded, processed and sent to the configured receiver (Logstash, Elasticsearch, etc.). You are then able to query the data using Kibana (or any other tool) to analyse events involving API calls and IAM authentications. These steps assume you already have a working Go environment.

terraform-aws-cloudtrail - Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs

  •    HCL

Terraform module to provision an AWS CloudTrail. The module accepts an encrypted S3 bucket with versioning to store CloudTrail logs.

terraform-aws-cloudtrail-cloudwatch-alarms - Terraform module for creating alarms for tracking important changes and occurrences from CloudTrail

  •    HCL

Terraform module for creating alarms for tracking important changes and occurrences from CloudTrail. This module creates a set of filter metrics and alarms based on the security best practices covered in the AWS CIS Foundations Benchmark guide.

trailscraper - A command-line tool to get valuable information out of AWS CloudTrail

  •    Python

This is totally possible. Unfortunately, there is no good, machine-readable documentation on how CloudTrail events map to IAM actions, so TrailScraper uses heuristics to figure out the right actions. These heuristics likely don't cover all special cases of the AWS world. This is where you come in: if you find a special case that's not covered by TrailScraper, please open a new issue or, even better, submit a pull request.

module-security-public - The public documentation for the gruntwork-io/module-security repo, which contains packages for setting up best practices for managing secrets, credentials, and servers

  •    Go

Click on each module above to see its documentation. Head over to the examples folder for examples. At Gruntwork, we've taken the thousands of hours we spent building infrastructure on AWS and condensed all that experience and code into pre-built packages or modules. Each module is a battle-tested, best-practices definition of a piece of infrastructure, such as a VPC, ECS cluster, or an Auto Scaling Group. Modules are versioned using Semantic Versioning to allow Gruntwork clients to keep up to date with the latest infrastructure best practices in a systematic way.

cloudtrail-log-analytics - CloudTrail Log Analytics using Amazon Elasticsearch Service - AWS Serverless Application

  •    Python

This AWS Serverless Application will help you analyze AWS CloudTrail logs using Amazon Elasticsearch Service. The application creates a CloudTrail trail, sets the log delivery to an S3 bucket that it creates, and configures SNS delivery whenever a CloudTrail log file has been written to S3. The app also creates an Amazon Elasticsearch domain and an AWS Lambda function that is triggered by the SNS message, gets the S3 file location, reads the contents of the S3 file and writes the data to Elasticsearch for analytics. The remainder of this document explains how to prepare the Serverless Application and deploy it via AWS CloudFormation.