Skip to content
No description, website, or topics provided.
CSS Python HTML JavaScript
Branch: master
Clone or download
Latest commit eea729e Nov 21, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
rules public init Oct 25, 2019
static changing main url + fixing a bug if a notification method was missing. Nov 21, 2019
.env public init Oct 25, 2019
Pipfile.lock public init Oct 25, 2019
example_settings.toml public init Oct 25, 2019 public init Oct 25, 2019 changing main url + fixing a bug if a notification method was missing. Nov 21, 2019
zappa_settings.json public init Oct 25, 2019


Varna: Custom, robust AWS monitoring for cents a day using EQL

Varna is a lambda based tool for monitoring Amazon Web Services (AWS) CloudTrail using Event Query Language (EQL) costing less than 50 cents a day to run. It supports fully customizable rules that get evaluated within seconds of a new log file being deposited. In addition, Varna supports EQL search over historical logs that were already archived in an AWS account. Upon finding an event to alert upon, it uses one or multiple alert methods to notify a security team of suspicion action. Varna supports 1-click acknowledgment as well to reduce alert fatigue for benign actions. Varna includes a web interface for configuration of rules and review of alerts.

EQL provides some amazing benefits in being the query language of choice for Varna. EQL allows both joins and sequences over a series of log events, this allows writing rules that may require multiple events to fire or a specific chain of events. In addition, EQL is easy to learn and robust enough to handle complex queries. AWS accounts are becoming increasingly important in most organizations security model but sadly remain one of the least focused on from a security perspective. Risks include developers leaking credentials via code commits, 3rd party software exposing account credentials, or permission misconfiguration. Varna helps avoid this by alerting security teams quickly to suspicious behavior and increasing visibility into AWS accounts.

Varna also comes bundled with a set of prewritten EQL rules designed to alert on suspicion behavior present in an AWS account.

You can’t perform that action at this time.