This repository has been archived by the owner on Nov 3, 2021. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MVP on doc changes to support reinvent
1 parent 5134aba, commit 1780aef
Showing 3 changed files with 77 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,82 @@ | ||
Benchmarking | ||
============ | ||
MozDef for AWS | ||
=============== | ||
|
||
**What is MozDef for AWS** | ||
|
||
Cloud based MozDef is an opinionated deployment of the MozDef services created in 2018 to help AWS users | ||
ingest cloudtrail, guardduty, and provide security services. | ||
|
||
.. image:: images/cloudformation-launch-stack.png | ||
:target: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=mozdef-for-aws&templateURL=https://s3-us-west-2.amazonaws.com/mozdef.infosec.allizom.org/cf/mozdef-parent.yml | ||
|
||
|
||
Feedback | ||
----------- | ||
|
||
MozDef for AWS is new an we'd love your feedback. Try filing github issues here in the repository or connect with us | ||
in the Mozilla Discourse Security Category. | ||
|
||
https://discourse.mozilla.org/c/security | ||
|
||
You can also take a short survey on MozDef for AWS after you have deployed it. | ||
https://goo.gl/forms/JYjTYDK45d3JdnGd2 | ||
|
||
|
||
Dependencies | ||
-------------- | ||
|
||
MozDef requires the following: | ||
|
||
- A DNS name ( cloudymozdef.security.allizom.org ) | ||
- An OIDC Provider with ClientID, ClientSecret, and Discovery URL | ||
- Mozilla Uses Auth0 but you can use any OIDC provider you like: Shibboleth, KeyCloak, AWS Cognito, Okta, Ping (etc) | ||
- An ACM Certificate in the deployment region for your DNS name | ||
- A VPC with three public subnets available. | ||
- It is advised that this VPC be dedicated to MozDef or used solely for security automation. | ||
- An SQS queue recieving GuardDuty events. At the time of writing this is not required but may be required in future. | ||
|
||
|
||
Supported Regions | ||
------------------ | ||
|
||
MozDef for AWS is currently only supported in us-west-2 but will onboard additional regions over time. | ||
|
||
|
||
Architecture | ||
------------- | ||
|
||
.. image:: images/MozDefCloudArchitecture.png | ||
|
||
|
||
Deployment Process | ||
------------------- | ||
|
||
1. Launch the one click stack and provide the requisite values. | ||
2. Wait for the stack to complete. You'll see several nested stacks in the Cloudformation console. *Note: This may take a while* | ||
3. Navigate to the URL you set up for MozDef. It should redirect you to the single sign on provider. If successful you'll see the MozDef UI. | ||
4. Try navigating to ElasticSearch https://your_base_url:9090 | ||
You should see the following: | ||
:: | ||
|
||
{ | ||
"name" : "SMf4400", | ||
"cluster_name" : "656532927350:mozdef-mozdef-yemjpbnpw8xb", | ||
"cluster_uuid" : "_yBEIsFkQH-nEZfrFgj7mg", | ||
"version" : { | ||
"number" : "5.6.8", | ||
"build_hash" : "688ecce", | ||
"build_date" : "2018-09-11T14:44:40.463Z", | ||
"build_snapshot" : false, | ||
"lucene_version" : "6.6.1" | ||
}, | ||
"tagline" : "You Know, for Search" | ||
} | ||
|
||
5. Test out Kibana at https://your_base_url:9090/_plugin/kibana/app/kibana#/discover?_g=() | ||
|
||
|
||
Using MozDef | ||
------------- | ||
|
||
Refer back to our other docs on how to use MozDef for general guidance. Cloud specific instructions will evolve here. | ||
If you saw something about MozDef for AWS at re: Invent 2018 and you want to contribute we'd love your PRs. |
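Review bot: The sample Elasticsearch response under Deployment Process step 4 publishes what look like identifiers from a live deployment: the "cluster_name" value begins with a 12-digit number that has the shape of an AWS account ID, and "name" and "cluster_uuid" appear to be copied from a real cluster. Suggest replacing these with obvious placeholders before the page is published. Steps 4 and 5 also send readers to https://your_base_url:9090 without saying whether that port sits behind the same single sign on that step 3 describes for the UI; one sentence stating the expected access control would let deployers confirm that Elasticsearch and Kibana are not reachable unauthenticated. Smaller points: "new an we'd" should read "new and we'd", "recieving" should read "receiving", and the survey link is a goo.gl short URL that hides its destination, so the full form URL would be preferable.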