Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Varna

Varna is an AWS serverless cloud security tool that parses and alerts on CloudTrail logs using Event Query Language (EQL). Varna is deployed as a lambda function, for scanning and serving web requests, and a dynamodb table, for keeping track of seen alerts. Varna is cheap & efficient to run, costing less than 15 dollars a month with proper configuration and ingesting alerts as soon as CloudTrail stores them in S3.

You can find more information to install on how to install Varna in the install.md.

All of the rules can be found in the rules folder and should be fairly understandable.

Features:

  • Quick setup, takes less than 10 minutes to setup & deploy using Zappa.
  • Easy to enable slack & email notifications.
  • Rules are quick to write and easy to understand.
  • Easy to enable user authentication.
  • Simple code, readable by a single human in a couple of hours.
  • Past search in the web console for finding additional context.

Varna is basically feature complete for our needs, the only outstanding work that might be done is incorporating SAML authentication or a method for bulk past search. If you have questions or would like to discuss a new feature, feel free to email me.

Some quick screenshots of the web interface:

List Alarms Past Search

About

Varna: Quick & Cheap AWS CloudTrail Monitoring with Event Query Language (EQL)

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published