Skip to content
This repository has been archived by the owner on Dec 23, 2020. It is now read-only.

ServerlessOpsIO/threatstack-aws-sns-publisher

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
handlers
handlers
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 
requirements.txt
requirements.txt
 
 
serverless.yml
serverless.yml
 
 

Repository files navigation

threatstack-aws-sns-publisher

Build Status License

Receives webhooks from Threat Stack and publishes alert details to an SNS topic. Subsribe additional services to the SNS topic to aggregate alert data to multiple services. To see example subscribers for this service, checkout our GitHub org!

The service consists of:

  • AWS API Gateway endpoint
  • AWS Lambda function
  • AWS SNS topic
  • Permission resources to allow services to communicate

Deployment

This service can be deployed using the button below which will redirect to CloudFormation. You will need your Threat Stack API key, Org ID, User ID to deploy.

Launch CloudFormation Stack

Alternatively, you can deploy from a clone of this repository by using Serverless Framework.

$ npm install -g serverless
$ npm install
$ THREATSTACK_API_KEY=<THREATSTACK_API_KEY> THREATSTACK_ORG_ID=<THREATSTACK_ORG_ID> THREATSTACK_USER_ID=<THREATSTACK_USER_ID> serverless deploy -v

Configuration

After this service is deployed, obtained the WebHookEndpoint output value from the stack and enter that as the webhook url on the Threat Stack integrations screen.

$ aws cloudformation describe-stacks --stack-name <STACK_NAME> --query "[Stacks][0][0].Outputs"
[
    {
        "OutputKey": "ThreatStackAwsSnsPublisherLambdaFunctionQualifiedArn",
        "OutputValue": "arn:aws:lambda:us-east-1:529602709954:function:threatstack-aws-sns-publisher-prime-ThreatStackAwsSnsPublisher:70",
        "Description": "Current Lambda function version"
    },
    {
        "OutputKey": "SnsConfirmSubscriptionIamManagedPolicyArn",
        "OutputValue": "arn:aws:iam::529602709954:policy/threatstack-aws-sns-publisher-prime-SnsConfirmSubscriptionIamManagedPolicy-9EHKMD539ZUP",
        "Description": "ARN of IAM managed policy for subscription confirmation",
        "ExportName": "threatstack-aws-sns-publisher-prime-SnsConfirmSubscriptionIamManagedPolicyArn"
    },
    {
        "OutputKey": "WebHookEndpoint",
        "OutputValue": "https://1f1axqumck.execute-api.us-east-1.amazonaws.com/prime/threatstack-aws-sns-publisher/api/v2/alert",
        "Description": "Webhook endpoint",
        "ExportName": "threatstack-aws-sns-publisher-prime-WebHookEndpoint"
    },
    {
        "OutputKey": "SnsTopicArn",
        "OutputValue": "arn:aws:sns:us-east-1:529602709954:threatstack-aws-sns-publisher-prime-SnsTopic-CQNDFPKNTJGC",
        "Description": "SNS Topic ARN; used by deployed subscribers",
        "ExportName": "threatstack-aws-sns-publisher-prime-SnsTopicArn"
    },
    {
        "OutputKey": "ServiceEndpoint",
        "OutputValue": "https://1f1axqumck.execute-api.us-east-1.amazonaws.com/prime",
        "Description": "URL of the service endpoint"
    },
    {
        "OutputKey": "ServerlessDeploymentBucketName",
        "OutputValue": "threatstack-aws-sns-publ-serverlessdeploymentbuck-wnocrqlbkkye"
    }
]

Development

This repository uses Serverless Framework for managing the development life cycle. To install Serverless Framework, ensure you have NodeJS and the NPM package manager installed. Then perform the following.

$ npm install -g serverless
$ npm install

About

Publish Threat Stack alerts via webhooks to AWS SNS

Topics

aws aws-lambda serverless aws-sns threatstack

Resources

Readme

License

BSD-2-Clause license
Activity
Custom properties

Stars

2 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages