Add script to audit account logins for past 90 days #18
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
First draft
First update
Update for public consumption
Changing language from garden > strongDM
First edit
Removed Auth0 link
Not needed here
Added notes about admin token, and change required if your logging uses JSON
…th-group-in-matchers Feat/only create users with group in matchers
- Include support for Google
This script serves as an example exporter that can monitor the
health of resources ("Infrastructure") and nodes ("Gateways/Relays").
The script uses the following workflow:
- Make an API call to strongDM's API to retrive information about resources and
nodes. The frequency of the API call is configurable by updating the "update_interval"
variable in "main()"
- Collect data about any resource or node that is tagged with <alert_tag> in strongDM.
This tag is configurable by updating the "alert_tag" variable in "main()"
- Export metrics to a prometheus endpoint as a "Gauge" (0 for healthy, 1 for unhealthy)
- Renamed API key/secret environment variables - Removed validation check for states being "started" or "stopped" - Added the "health" and "state" prometheus labels for resources and nodes respectively to make it easy to see the current health in prometheus
sdm_health_exporter.py - v0.0.1
…le-resources Added a permission for running role_resources.py
Co-authored-by: gaabrieljesuss <gaabrieljesuss@users.noreply.github.com>
Create Jira Docker Image
Co-authored-by: gaabrieljesuss <gaabrieljesuss@users.noreply.github.com>
Co-authored-by: gaabrieljesuss <gaabrieljesuss@users.noreply.github.com>
Co-authored-by: gaabrieljesuss <gaabrieljesuss@users.noreply.github.com>
Co-authored-by: gaabrieljesuss <gaabrieljesuss@users.noreply.github.com>
Add SDM-EXT CLI
At least this is a good audit trail for audit changes.
Co-authored-by: vassalo <vassalo@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This script outputs a CSV that displays the last login time for a StrongDM account for the past 90 days to identify inactive users/service accounts.