Cloud Scout Cheat Sheet
Überblick
Cloud Scout ist ein Open-Source-Tool, das von Sygnia für Cloud-Sicherheits-Mapping und Angriffspfad-Visualisierung in hybriden Cloud-Umgebungen entwickelt wurde. Diese umfassende Plattform bietet Sicherheitsteams die Möglichkeit, Cloud-Infrastruktur zu erstellen, Angriffspfade zu identifizieren und potenzielle Sicherheitsrisiken in den Umgebungen AWS, Azure und Google Cloud Platform zu visualisieren. Cloud Scout zeichnet sich durch die Kombination von Daten mehrerer Cloud-Anbieter und On-Premises-Infrastruktur aus, um umfassende Angriffspfadanalysen und Sicherheitsmapping-Funktionen zu erstellen.
ZEIT Warning: Cloud Scout benötigt entsprechende Berechtigungen zum Zugriff auf Cloud-Ressourcen. Verwenden Sie dieses Tool nur gegen Cloud-Umgebungen, die Sie besitzen oder eine ausdrückliche schriftliche Genehmigung zur Beurteilung haben. Unberechtigtes Cloud-Scannen kann die Nutzungsbedingungen und die lokalen Gesetze verletzen.
Installation und Inbetriebnahme
Voraussetzungen
```bash
Install Python 3.8 or higher
python3 --version
Install pip and virtualenv
sudo apt update sudo apt install python3-pip python3-venv
Install Node.js for web interface
curl -fsSL https://deb.nodesource.com/setup_18.x|sudo -E bash - sudo apt-get install -y nodejs
Install Docker for containerized deployment
sudo apt install docker.io docker-compose sudo usermod -aG docker $USER ```_
Installation von Source
```bash
Clone Cloud Scout repository
git clone https://github.com/Sygnia/cloud-scout.git cd cloud-scout
Create virtual environment
python3 -m venv cloud-scout-env source cloud-scout-env/bin/activate
Install dependencies
pip install -r requirements.txt
Install additional dependencies for cloud providers
pip install boto3 azure-identity azure-mgmt-resource google-cloud-asset
Verify installation
python cloud_scout.py --help ```_
Docker Installation
```bash
Pull Cloud Scout Docker image
docker pull sygnia/cloud-scout:latest
Run Cloud Scout in Docker
docker run -it --rm \ -v $(pwd)/config:/app/config \ -v $(pwd)/output:/app/output \ -p 8080:8080 \ sygnia/cloud-scout:latest
Create Docker Compose setup
cat > docker-compose.yml << 'EOF' version: '3.8' services: cloud-scout: image: sygnia/cloud-scout:latest ports: - "8080:8080" volumes: - ./config:/app/config - ./output:/app/output - ./data:/app/data environment: - CLOUD_SCOUT_CONFIG=/app/config/config.yaml EOF
Start with Docker Compose
docker-compose up -d ```_
Cloud Provider Setup
AWS Konfiguration
```bash
Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install
Configure AWS credentials
aws configure
Enter Access Key ID, Secret Access Key, Region, Output format
Create IAM policy for Cloud Scout
cat > cloud-scout-policy.json << 'EOF' \\{ "Version": "2012-10-17", "Statement": [ \\{ "Effect": "Allow", "Action": [ "ec2:Describe", "iam:List", "iam:Get", "s3:List", "s3:Get", "rds:Describe", "lambda:List", "lambda:Get", "cloudformation:List", "cloudformation:Describe", "cloudtrail:Describe", "cloudtrail:Get", "organizations:List", "organizations:Describe" ], "Resource": "*" \\} ] \\} EOF
Create IAM user and attach policy
aws iam create-user --user-name cloud-scout-user aws iam put-user-policy --user-name cloud-scout-user --policy-name CloudScoutPolicy --policy-document file://cloud-scout-policy.json aws iam create-access-key --user-name cloud-scout-user ```_
Azure Konfiguration
```bash
Install Azure CLI
curl -sL https://aka.ms/InstallAzureCLIDeb|sudo bash
Login to Azure
az login
Create service principal for Cloud Scout
az ad sp create-for-rbac --name "cloud-scout-sp" --role "Reader" --scopes "/subscriptions/$(az account show --query id -o tsv)"
Grant additional permissions
az role assignment create --assignee
Set environment variables
export AZURE_CLIENT_ID="
Google Cloud Platform Konfiguration
```bash
Install Google Cloud SDK
curl https://sdk.cloud.google.com|bash exec -l $SHELL
Initialize gcloud
gcloud init
Create service account
gcloud iam service-accounts create cloud-scout-sa --display-name="Cloud Scout Service Account"
Grant necessary roles
gcloud projects add-iam-policy-binding PROJECT_ID \ --member="serviceAccount:cloud-scout-sa@PROJECT_ID.iam.gserviceaccount.com" \ --role="roles/viewer"
gcloud projects add-iam-policy-binding PROJECT_ID \ --member="serviceAccount:cloud-scout-sa@PROJECT_ID.iam.gserviceaccount.com" \ --role="roles/security.securityReviewer"
Create and download service account key
gcloud iam service-accounts keys create cloud-scout-key.json \ --iam-account=cloud-scout-sa@PROJECT_ID.iam.gserviceaccount.com
Set environment variable
export GOOGLE_APPLICATION_CREDENTIALS="$(pwd)/cloud-scout-key.json" ```_
Konfiguration
Grundkonfiguration
```yaml
config/config.yaml
cloud_scout: # General settings output_directory: "./output" log_level: "INFO" max_threads: 10
# Cloud providers providers: aws: enabled: true regions: ["us-east-1", "us-west-2", "eu-west-1"] accounts: ["123456789012"]
azure:
enabled: true
subscriptions: ["subscription-id-1", "subscription-id-2"]
gcp:
enabled: true
projects: ["project-id-1", "project-id-2"]
# Data collection settings collection: compute_instances: true storage_buckets: true databases: true network_resources: true iam_resources: true security_groups: true load_balancers: true dns_records: true
# Analysis settings analysis: attack_paths: true privilege_escalation: true lateral_movement: true data_exfiltration: true persistence_mechanisms: true
# Visualization settings visualization: web_interface: true port: 8080 export_formats: ["json", "csv", "graphml"] ```_
Erweiterte Konfiguration
```yaml
config/advanced-config.yaml
cloud_scout: # Advanced collection settings collection: deep_scan: true include_metadata: true scan_interval: 3600 # seconds
# Resource-specific settings
compute:
include_stopped_instances: true
scan_instance_metadata: true
check_user_data: true
storage:
scan_bucket_policies: true
check_public_access: true
analyze_encryption: true
network:
map_vpc_peering: true
analyze_security_groups: true
check_nacls: true
scan_route_tables: true
iam:
analyze_policies: true
check_cross_account_access: true
map_role_assumptions: true
scan_service_accounts: true
# Attack path analysis attack_paths: algorithms: - "shortest_path" - "privilege_escalation" - "lateral_movement" - "data_access"
risk_scoring:
enabled: true
factors:
- "exposure_level"
- "privilege_level"
- "data_sensitivity"
- "attack_complexity"
filters:
min_risk_score: 5
max_path_length: 10
exclude_low_impact: true
# Reporting settings reporting: formats: ["html", "pdf", "json"] include_remediation: true executive_summary: true technical_details: true
templates:
executive: "templates/executive.html"
technical: "templates/technical.html"
compliance: "templates/compliance.html"
```_
Basisnutzung
Initial Cloud Mapping
```bash
Basic cloud mapping across all configured providers
python cloud_scout.py map --all-providers
Map specific cloud provider
python cloud_scout.py map --provider aws python cloud_scout.py map --provider azure python cloud_scout.py map --provider gcp
Map specific regions/subscriptions/projects
python cloud_scout.py map --provider aws --regions us-east-1,us-west-2 python cloud_scout.py map --provider azure --subscriptions sub-id-1 python cloud_scout.py map --provider gcp --projects project-1,project-2
Map with specific resource types
python cloud_scout.py map --resources compute,storage,network ```_
Analyse von Pfaden
```bash
Analyze attack paths across all mapped resources
python cloud_scout.py analyze --attack-paths
Analyze specific attack scenarios
python cloud_scout.py analyze --scenario privilege-escalation python cloud_scout.py analyze --scenario lateral-movement python cloud_scout.py analyze --scenario data-exfiltration
Analyze with risk scoring
python cloud_scout.py analyze --risk-scoring --min-score 7
Generate attack path report
python cloud_scout.py analyze --output-format html --report-type attack-paths ```_
Sicherheitsbewertung
```bash
Comprehensive security assessment
python cloud_scout.py assess --comprehensive
Assess specific security domains
python cloud_scout.py assess --domains iam,network,storage python cloud_scout.py assess --domains compute,database
Compliance assessment
python cloud_scout.py assess --compliance cis-aws python cloud_scout.py assess --compliance nist-csf python cloud_scout.py assess --compliance iso27001
Custom security checks
python cloud_scout.py assess --custom-checks config/custom-checks.yaml ```_
Erweiterte Funktionen
Multi-Cloud-Umgebung Mapping
```bash
Map hybrid cloud environment
python cloud_scout.py map-hybrid \ --aws-accounts 123456789012,987654321098 \ --azure-subscriptions sub-1,sub-2 \ --gcp-projects project-1,project-2 \ --include-on-premises
Cross-cloud relationship analysis
python cloud_scout.py analyze-relationships \ --cross-cloud \ --include-vpn-connections \ --include-peering
Multi-cloud attack path analysis
python cloud_scout.py analyze-attack-paths \ --multi-cloud \ --include-cross-cloud-paths \ --risk-threshold 8 ```_
Erweiterte Visualisierung
```bash
Generate interactive visualization
python cloud_scout.py visualize \ --interactive \ --include-attack-paths \ --color-by-risk
Export to graph formats
python cloud_scout.py export \ --format graphml \ --include-metadata \ --output cloud-topology.graphml
Generate network diagrams
python cloud_scout.py diagram \ --type network \ --provider aws \ --region us-east-1 \ --output network-diagram.png ```_
Kontinuierliche Überwachung
```bash
Set up continuous monitoring
python cloud_scout.py monitor \ --interval 3600 \ --alert-on-changes \ --webhook-url https://hooks.slack.com/services/...
Compare cloud states
python cloud_scout.py compare \ --baseline baseline-20231201.json \ --current current-scan.json \ --output-diff changes-report.html
Automated reporting
python cloud_scout.py report \ --schedule daily \ --email-recipients security@company.com \ --include-executive-summary ```_
Automatisierungsskripte
Umfassende Cloud Security Assessment
```bash
!/bin/bash
Comprehensive cloud security assessment using Cloud Scout
ASSESSMENT_NAME="$1" OUTPUT_DIR="cloud_assessment_$(date +%Y%m%d_%H%M%S)" REPORT_DIR="$OUTPUT_DIR/reports" DATA_DIR="$OUTPUT_DIR/data"
if [ -z "$ASSESSMENT_NAME" ]; then
echo "Usage: $0
mkdir -p "$REPORT_DIR" "$DATA_DIR"
Function to perform cloud mapping
perform_cloud_mapping() \\{ echo "[+] Starting cloud mapping phase"
# Map AWS environments
if python cloud_scout.py check-provider --provider aws; then
echo " [+] Mapping AWS environment"
python cloud_scout.py map \
--provider aws \
--all-regions \
--output "$DATA_DIR/aws-mapping.json" \
--verbose
fi
# Map Azure environments
if python cloud_scout.py check-provider --provider azure; then
echo " [+] Mapping Azure environment"
python cloud_scout.py map \
--provider azure \
--all-subscriptions \
--output "$DATA_DIR/azure-mapping.json" \
--verbose
fi
# Map GCP environments
if python cloud_scout.py check-provider --provider gcp; then
echo " [+] Mapping GCP environment"
python cloud_scout.py map \
--provider gcp \
--all-projects \
--output "$DATA_DIR/gcp-mapping.json" \
--verbose
fi
# Combine mappings
python cloud_scout.py combine-mappings \
--input-dir "$DATA_DIR" \
--output "$DATA_DIR/combined-mapping.json"
echo "[+] Cloud mapping completed"
\\}
Function to analyze attack paths
analyze_attack_paths() \\{ echo "[+] Starting attack path analysis"
# Comprehensive attack path analysis
python cloud_scout.py analyze-attack-paths \
--input "$DATA_DIR/combined-mapping.json" \
--all-scenarios \
--risk-scoring \
--output "$DATA_DIR/attack-paths.json"
# Privilege escalation analysis
python cloud_scout.py analyze-privilege-escalation \
--input "$DATA_DIR/combined-mapping.json" \
--include-cross-account \
--output "$DATA_DIR/privilege-escalation.json"
# Lateral movement analysis
python cloud_scout.py analyze-lateral-movement \
--input "$DATA_DIR/combined-mapping.json" \
--include-network-paths \
--output "$DATA_DIR/lateral-movement.json"
# Data exfiltration analysis
python cloud_scout.py analyze-data-exfiltration \
--input "$DATA_DIR/combined-mapping.json" \
--include-storage-access \
--output "$DATA_DIR/data-exfiltration.json"
echo "[+] Attack path analysis completed"
\\}
Function to perform security assessment
perform_security_assessment() \\{ echo "[+] Starting security assessment"
# CIS benchmark assessment
python cloud_scout.py assess-compliance \
--framework cis \
--input "$DATA_DIR/combined-mapping.json" \
--output "$DATA_DIR/cis-assessment.json"
# NIST CSF assessment
python cloud_scout.py assess-compliance \
--framework nist-csf \
--input "$DATA_DIR/combined-mapping.json" \
--output "$DATA_DIR/nist-assessment.json"
# Custom security checks
python cloud_scout.py assess-security \
--custom-checks config/security-checks.yaml \
--input "$DATA_DIR/combined-mapping.json" \
--output "$DATA_DIR/security-assessment.json"
# Risk assessment
python cloud_scout.py assess-risk \
--input "$DATA_DIR/combined-mapping.json" \
--include-attack-paths "$DATA_DIR/attack-paths.json" \
--output "$DATA_DIR/risk-assessment.json"
echo "[+] Security assessment completed"
\\}
Function to generate reports
generate_reports() \\{ echo "[+] Generating comprehensive reports"
# Executive summary report
python cloud_scout.py generate-report \
--template executive \
--input-dir "$DATA_DIR" \
--output "$REPORT_DIR/executive-summary.html" \
--title "$ASSESSMENT_NAME - Executive Summary"
# Technical report
python cloud_scout.py generate-report \
--template technical \
--input-dir "$DATA_DIR" \
--output "$REPORT_DIR/technical-report.html" \
--title "$ASSESSMENT_NAME - Technical Report" \
--include-remediation
# Attack path report
python cloud_scout.py generate-report \
--template attack-paths \
--input "$DATA_DIR/attack-paths.json" \
--output "$REPORT_DIR/attack-paths-report.html" \
--include-visualizations
# Compliance report
python cloud_scout.py generate-report \
--template compliance \
--input-dir "$DATA_DIR" \
--output "$REPORT_DIR/compliance-report.html" \
--frameworks cis,nist-csf
# Generate PDF reports
for html_file in "$REPORT_DIR"/*.html; do
pdf_file="$\\\\{html_file%.html\\\\}.pdf"
| wkhtmltopdf "$html_file" "$pdf_file" 2>/dev/null | | \ | echo "Warning: Could not generate PDF for $(basename "$html_file")" done
echo "[+] Report generation completed"
\\}
Function to create visualizations
create_visualizations() \\{ echo "[+] Creating visualizations"
# Network topology visualization
python cloud_scout.py visualize-topology \
--input "$DATA_DIR/combined-mapping.json" \
--output "$REPORT_DIR/network-topology.html" \
--interactive
# Attack path visualization
python cloud_scout.py visualize-attack-paths \
--input "$DATA_DIR/attack-paths.json" \
--output "$REPORT_DIR/attack-paths-visualization.html" \
--color-by-risk
# Risk heatmap
python cloud_scout.py generate-heatmap \
--input "$DATA_DIR/risk-assessment.json" \
--output "$REPORT_DIR/risk-heatmap.png" \
--dimensions provider,service,risk-level
# Export to graph formats
python cloud_scout.py export-graph \
--input "$DATA_DIR/combined-mapping.json" \
--format graphml \
--output "$DATA_DIR/cloud-topology.graphml"
echo "[+] Visualization creation completed"
\\}
Function to generate summary
generate_summary() \\{ echo "[+] Generating assessment summary"
cat > "$OUTPUT_DIR/assessment-summary.txt" << EOF
Cloud Security Assessment Summary
Assessment Name: $ASSESSMENT_NAME Date: $(date) Output Directory: $OUTPUT_DIR
Files Generated: - Data Files: $DATA_DIR/ - Reports: $REPORT_DIR/ - Visualizations: $REPORT_DIR/
Key Findings: $(python cloud_scout.py summarize --input-dir "$DATA_DIR" --format text)
Next Steps: 1. Review executive summary report 2. Analyze attack path visualizations 3. Implement high-priority remediation items 4. Schedule follow-up assessment
EOF
echo "[+] Assessment summary generated: $OUTPUT_DIR/assessment-summary.txt"
\\}
Main execution
echo "[+] Starting comprehensive cloud security assessment: $ASSESSMENT_NAME"
Check dependencies
| if ! command -v python &> /dev/null | | ! python -c "import cloud_scout" 2>/dev/null; then | echo "[-] Cloud Scout not found or not properly installed" exit 1 fi
Perform assessment phases
perform_cloud_mapping analyze_attack_paths perform_security_assessment generate_reports create_visualizations generate_summary
echo "[+] Comprehensive cloud security assessment completed" echo "[+] Results saved in: $OUTPUT_DIR" echo "[+] Open $REPORT_DIR/executive-summary.html for overview" ```_
Multi-Cloud-Angriffspfad-Entdeckung
```bash
!/bin/bash
Multi-cloud attack path discovery and analysis
TARGET_ENVIRONMENT="$1" ATTACK_SCENARIO="$2" OUTPUT_DIR="attack_path_analysis_$(date +%Y%m%d_%H%M%S)"
| if [ -z "$TARGET_ENVIRONMENT" ] | | [ -z "$ATTACK_SCENARIO" ]; then |
echo "Usage: $0
mkdir -p "$OUTPUT_DIR"
Function to discover attack paths
discover_attack_paths() \\{ local environment="$1" local scenario="$2" local output_file="$OUTPUT_DIR/attack_paths_$\\{environment\\}_$\\{scenario\\}.json"
echo "[+] Discovering attack paths for $environment environment, scenario: $scenario"
# Configure environment-specific settings
case "$environment" in
"production")
config_file="config/production.yaml"
;;
"staging")
config_file="config/staging.yaml"
;;
"development")
config_file="config/development.yaml"
;;
"all")
config_file="config/all-environments.yaml"
;;
*)
echo "[-] Unknown environment: $environment"
return 1
;;
esac
# Perform attack path discovery
python cloud_scout.py discover-attack-paths \
--config "$config_file" \
--scenario "$scenario" \
--deep-analysis \
--include-cross-cloud \
--output "$output_file"
if [ $? -eq 0 ]; then
echo " [+] Attack paths discovered: $output_file"
# Analyze path complexity
python cloud_scout.py analyze-path-complexity \
--input "$output_file" \
--output "$OUTPUT_DIR/complexity_analysis_$\\\\{environment\\\\}_$\\\\{scenario\\\\}.json"
# Calculate risk scores
python cloud_scout.py calculate-risk-scores \
--input "$output_file" \
--risk-factors config/risk-factors.yaml \
--output "$OUTPUT_DIR/risk_scores_$\\\\{environment\\\\}_$\\\\{scenario\\\\}.json"
return 0
else
echo " [-] Failed to discover attack paths for $environment"
return 1
fi
\\}
Function to analyze privilege escalation paths
analyze_privilege_escalation() \\{ echo "[+] Analyzing privilege escalation paths"
# AWS privilege escalation
python cloud_scout.py analyze-aws-privesc \
--include-iam-policies \
--include-assume-role \
--include-cross-account \
--output "$OUTPUT_DIR/aws-privesc-paths.json"
# Azure privilege escalation
python cloud_scout.py analyze-azure-privesc \
--include-rbac \
--include-managed-identity \
--include-service-principal \
--output "$OUTPUT_DIR/azure-privesc-paths.json"
# GCP privilege escalation
python cloud_scout.py analyze-gcp-privesc \
--include-iam-bindings \
--include-service-accounts \
--include-workload-identity \
--output "$OUTPUT_DIR/gcp-privesc-paths.json"
# Cross-cloud privilege escalation
python cloud_scout.py analyze-cross-cloud-privesc \
--aws-input "$OUTPUT_DIR/aws-privesc-paths.json" \
--azure-input "$OUTPUT_DIR/azure-privesc-paths.json" \
--gcp-input "$OUTPUT_DIR/gcp-privesc-paths.json" \
--output "$OUTPUT_DIR/cross-cloud-privesc-paths.json"
\\}
Function to analyze lateral movement paths
analyze_lateral_movement() \\{ echo "[+] Analyzing lateral movement paths"
# Network-based lateral movement
python cloud_scout.py analyze-network-lateral-movement \
--include-vpc-peering \
--include-transit-gateway \
--include-vpn-connections \
--output "$OUTPUT_DIR/network-lateral-movement.json"
# Service-based lateral movement
python cloud_scout.py analyze-service-lateral-movement \
--include-lambda-functions \
--include-container-services \
--include-database-connections \
--output "$OUTPUT_DIR/service-lateral-movement.json"
# Identity-based lateral movement
python cloud_scout.py analyze-identity-lateral-movement \
--include-shared-credentials \
--include-federated-access \
--include-service-accounts \
--output "$OUTPUT_DIR/identity-lateral-movement.json"
\\}
Function to analyze data exfiltration paths
analyze_data_exfiltration() \\{ echo "[+] Analyzing data exfiltration paths"
# Storage-based exfiltration
python cloud_scout.py analyze-storage-exfiltration \
--include-s3-buckets \
--include-blob-storage \
--include-cloud-storage \
--check-public-access \
--output "$OUTPUT_DIR/storage-exfiltration.json"
# Database exfiltration
python cloud_scout.py analyze-database-exfiltration \
--include-rds \
--include-sql-database \
--include-cloud-sql \
--check-backup-access \
--output "$OUTPUT_DIR/database-exfiltration.json"
# API-based exfiltration
python cloud_scout.py analyze-api-exfiltration \
--include-api-gateways \
--include-function-apps \
--include-cloud-functions \
--output "$OUTPUT_DIR/api-exfiltration.json"
\\}
Function to generate attack path report
generate_attack_path_report() \\{ echo "[+] Generating comprehensive attack path report"
# Combine all attack path data
python cloud_scout.py combine-attack-paths \
--input-dir "$OUTPUT_DIR" \
--output "$OUTPUT_DIR/combined-attack-paths.json"
# Generate interactive visualization
python cloud_scout.py visualize-attack-paths \
--input "$OUTPUT_DIR/combined-attack-paths.json" \
--output "$OUTPUT_DIR/attack-paths-visualization.html" \
--interactive \
--color-by-risk \
--include-filters
# Generate detailed report
python cloud_scout.py generate-attack-path-report \
--input "$OUTPUT_DIR/combined-attack-paths.json" \
--template detailed \
--output "$OUTPUT_DIR/attack-path-report.html" \
--include-remediation \
--include-mitre-mapping
# Generate executive summary
python cloud_scout.py generate-executive-summary \
--input "$OUTPUT_DIR/combined-attack-paths.json" \
--output "$OUTPUT_DIR/executive-summary.html" \
--focus-high-risk
# Export to MITRE ATT&CK; format
python cloud_scout.py export-mitre-attack \
--input "$OUTPUT_DIR/combined-attack-paths.json" \
--output "$OUTPUT_DIR/mitre-attack-mapping.json"
\\}
Function to prioritize remediation
prioritize_remediation() \\{ echo "[+] Prioritizing remediation actions"
python cloud_scout.py prioritize-remediation \
--input "$OUTPUT_DIR/combined-attack-paths.json" \
--risk-threshold 8 \
--business-impact-weights config/business-impact.yaml \
--output "$OUTPUT_DIR/remediation-priorities.json"
# Generate remediation roadmap
python cloud_scout.py generate-remediation-roadmap \
--input "$OUTPUT_DIR/remediation-priorities.json" \
--timeline 90 \
--resource-constraints config/resource-constraints.yaml \
--output "$OUTPUT_DIR/remediation-roadmap.html"
\\}
Main execution
echo "[+] Starting multi-cloud attack path discovery" echo "[+] Target environment: $TARGET_ENVIRONMENT" echo "[+] Attack scenario: $ATTACK_SCENARIO"
Check dependencies
| if ! command -v python &> /dev/null | | ! python -c "import cloud_scout" 2>/dev/null; then | echo "[-] Cloud Scout not found or not properly installed" exit 1 fi
Discover attack paths based on scenario
case "$ATTACK_SCENARIO" in "privilege-escalation") discover_attack_paths "$TARGET_ENVIRONMENT" "privilege-escalation" analyze_privilege_escalation ;; "lateral-movement") discover_attack_paths "$TARGET_ENVIRONMENT" "lateral-movement" analyze_lateral_movement ;; "data-exfiltration") discover_attack_paths "$TARGET_ENVIRONMENT" "data-exfiltration" analyze_data_exfiltration ;; "persistence") discover_attack_paths "$TARGET_ENVIRONMENT" "persistence" ;; "all") discover_attack_paths "$TARGET_ENVIRONMENT" "privilege-escalation" discover_attack_paths "$TARGET_ENVIRONMENT" "lateral-movement" discover_attack_paths "$TARGET_ENVIRONMENT" "data-exfiltration" discover_attack_paths "$TARGET_ENVIRONMENT" "persistence" analyze_privilege_escalation analyze_lateral_movement analyze_data_exfiltration ;; *) echo "[-] Unknown attack scenario: $ATTACK_SCENARIO" exit 1 ;; esac
Generate reports and prioritize remediation
generate_attack_path_report prioritize_remediation
echo "[+] Multi-cloud attack path discovery completed" echo "[+] Results saved in: $OUTPUT_DIR" echo "[+] Open $OUTPUT_DIR/attack-paths-visualization.html for interactive analysis" ```_
kontinuierliche Überwachung der Cloud-Sicherheit
```bash
!/bin/bash
Continuous cloud security monitoring with Cloud Scout
MONITORING_CONFIG="config/monitoring.yaml" LOG_DIR="monitoring_logs" ALERT_WEBHOOK="$1" CHECK_INTERVAL=3600 # 1 hour
if [ -z "$ALERT_WEBHOOK" ]; then
echo "Usage: $0
mkdir -p "$LOG_DIR"
Function to perform security monitoring scan
perform_monitoring_scan() \\{ local timestamp=$(date +%Y%m%d_%H%M%S) local scan_output="$LOG_DIR/scan_$timestamp.json" local baseline_file="$LOG_DIR/baseline.json"
echo "[+] Performing security monitoring scan at $(date)"
# Perform comprehensive scan
python cloud_scout.py monitor-scan \
--config "$MONITORING_CONFIG" \
--output "$scan_output" \
--include-all-providers \
--deep-scan
if [ $? -ne 0 ]; then
echo "[-] Monitoring scan failed"
return 1
fi
# Compare with baseline if it exists
if [ -f "$baseline_file" ]; then
echo " [+] Comparing with baseline"
local changes_file="$LOG_DIR/changes_$timestamp.json"
python cloud_scout.py compare-scans \
--baseline "$baseline_file" \
--current "$scan_output" \
--output "$changes_file"
# Analyze changes for security implications
analyze_security_changes "$changes_file" "$timestamp"
else
echo " [+] Creating initial baseline"
cp "$scan_output" "$baseline_file"
fi
# Update baseline if significant time has passed
| local baseline_age=$(stat -c %Y "$baseline_file" 2>/dev/null | | echo 0) | local current_time=$(date +%s) local age_hours=$(( (current_time - baseline_age) / 3600 ))
if [ $age_hours -gt 168 ]; then # 1 week
echo " [+] Updating baseline (age: $\\\\{age_hours\\\\} hours)"
cp "$scan_output" "$baseline_file"
fi
return 0
\\}
Function to analyze security changes
analyze_security_changes() \\{ local changes_file="$1" local timestamp="$2" local analysis_file="$LOG_DIR/analysis_$timestamp.json"
echo " [+] Analyzing security changes"
# Perform security impact analysis
python cloud_scout.py analyze-security-changes \
--input "$changes_file" \
--risk-assessment \
--attack-path-impact \
--output "$analysis_file"
# Check for high-risk changes
local high_risk_count=$(python cloud_scout.py count-high-risk-changes \
--input "$analysis_file" \
--threshold 8)
if [ "$high_risk_count" -gt 0 ]; then
echo " [!] High-risk changes detected: $high_risk_count"
send_security_alert "HIGH_RISK_CHANGES" "$high_risk_count" "$analysis_file"
fi
# Check for new attack paths
local new_attack_paths=$(python cloud_scout.py detect-new-attack-paths \
--input "$analysis_file" \
--output "$LOG_DIR/new_attack_paths_$timestamp.json")
if [ "$new_attack_paths" -gt 0 ]; then
echo " [!] New attack paths detected: $new_attack_paths"
send_security_alert "NEW_ATTACK_PATHS" "$new_attack_paths" "$LOG_DIR/new_attack_paths_$timestamp.json"
fi
# Check for compliance violations
local compliance_violations=$(python cloud_scout.py check-compliance-violations \
--input "$analysis_file" \
--frameworks cis,nist \
--output "$LOG_DIR/compliance_violations_$timestamp.json")
if [ "$compliance_violations" -gt 0 ]; then
echo " [!] Compliance violations detected: $compliance_violations"
send_security_alert "COMPLIANCE_VIOLATIONS" "$compliance_violations" "$LOG_DIR/compliance_violations_$timestamp.json"
fi
\\}
Function to send security alerts
send_security_alert() \\{ local alert_type="$1" local count="$2" local details_file="$3"
echo "[!] Sending security alert: $alert_type"
# Create alert message
local message="🚨 Cloud Security Alert: $alert_type detected ($count items) at $(date)"
# Send to webhook
if [ -n "$ALERT_WEBHOOK" ]; then
curl -X POST -H 'Content-type: application/json' \
--data "\\\\{\"text\":\"$message\"\\\\}" \
| "$ALERT_WEBHOOK" 2>/dev/null | | echo "Webhook alert failed" | fi
# Send email if configured
if [ -n "$ALERT_EMAIL" ]; then
echo "$message"|mail -s "Cloud Security Alert: $alert_type" \
| -A "$details_file" "$ALERT_EMAIL" 2>/dev/null | | echo "Email alert failed" | fi
# Log alert
echo "$(date): $alert_type - $count items" >> "$LOG_DIR/alerts.log"
\\}
Function to generate monitoring report
generate_monitoring_report() \\{ echo "[+] Generating monitoring report"
local report_file="$LOG_DIR/monitoring_report_$(date +%Y%m%d).html"
# Collect recent scan data
python cloud_scout.py generate-monitoring-report \
--input-dir "$LOG_DIR" \
--timeframe 24h \
--output "$report_file" \
--include-trends \
--include-alerts
echo " [+] Monitoring report generated: $report_file"
\\}
Function to cleanup old logs
cleanup_logs() \\{ echo "[+] Cleaning up old monitoring logs"
# Keep logs for 30 days
find "$LOG_DIR" -name "scan_*.json" -mtime +30 -delete
find "$LOG_DIR" -name "changes_*.json" -mtime +30 -delete
find "$LOG_DIR" -name "analysis_*.json" -mtime +30 -delete
# Keep reports for 90 days
find "$LOG_DIR" -name "monitoring_report_*.html" -mtime +90 -delete
\\}
Function to check system health
check_system_health() \\{ echo "[+] Checking system health"
# Check Cloud Scout installation
if ! python -c "import cloud_scout" 2>/dev/null; then
echo "[-] Cloud Scout not available"
send_security_alert "SYSTEM_ERROR" "1" "/dev/null"
return 1
fi
# Check cloud provider connectivity
local connectivity_issues=0
if ! python cloud_scout.py test-aws-connectivity 2>/dev/null; then
echo "[-] AWS connectivity issues"
connectivity_issues=$((connectivity_issues + 1))
fi
if ! python cloud_scout.py test-azure-connectivity 2>/dev/null; then
echo "[-] Azure connectivity issues"
connectivity_issues=$((connectivity_issues + 1))
fi
if ! python cloud_scout.py test-gcp-connectivity 2>/dev/null; then
echo "[-] GCP connectivity issues"
connectivity_issues=$((connectivity_issues + 1))
fi
if [ $connectivity_issues -gt 0 ]; then
send_security_alert "CONNECTIVITY_ISSUES" "$connectivity_issues" "/dev/null"
fi
# Check disk space
| local disk_usage=$(df "$LOG_DIR" | awk 'NR==2 \\{print $5\\}' | sed 's/%//') | if [ "$disk_usage" -gt 90 ]; then echo "[-] Disk space critical: $\\{disk_usage\\}%" send_security_alert "DISK_SPACE_CRITICAL" "$disk_usage" "/dev/null" fi
return 0
\\}
Main monitoring loop
echo "[+] Starting continuous cloud security monitoring" echo "[+] Check interval: $((CHECK_INTERVAL / 60)) minutes" echo "[+] Alert webhook: $ALERT_WEBHOOK"
while true; do echo "[+] Starting monitoring cycle at $(date)"
# Check system health
if check_system_health; then
# Perform monitoring scan
if perform_monitoring_scan; then
echo " [+] Monitoring scan completed successfully"
else
echo " [-] Monitoring scan failed"
send_security_alert "SCAN_FAILURE" "1" "/dev/null"
fi
fi
# Generate daily report and cleanup
if [ "$(date +%H)" = "06" ]; then # 6 AM
generate_monitoring_report
cleanup_logs
fi
echo "[+] Monitoring cycle completed at $(date)"
echo "[+] Next check in $((CHECK_INTERVAL / 60)) minutes"
sleep "$CHECK_INTERVAL"
done ```_
Integration mit anderen Tools
SIEM Integration
```bash
Export Cloud Scout data to SIEM formats
python cloud_scout.py export-siem \ --format splunk \ --input scan-results.json \ --output cloud-scout-events.json
Send alerts to SIEM
python cloud_scout.py send-siem-alert \ --siem-endpoint https://siem.company.com/api \ --alert-data high-risk-findings.json ```_
Integration von Terrain
```bash
Generate Terraform remediation code
python cloud_scout.py generate-terraform \ --input security-findings.json \ --output remediation.tf
Validate Terraform against Cloud Scout policies
python cloud_scout.py validate-terraform \ --terraform-dir ./infrastructure \ --policies config/security-policies.yaml ```_
CI/CD Pipeline Integration
```bash
Cloud Scout in CI/CD pipeline
python cloud_scout.py pipeline-scan \ --config config/pipeline.yaml \ --fail-on-high-risk \ --output pipeline-results.json
Generate security gates
python cloud_scout.py generate-security-gates \ --input pipeline-results.json \ --output security-gates.yaml ```_
Fehlerbehebung
Gemeinsame Themen
Authentication Probleme
```bash
Check AWS credentials
aws sts get-caller-identity
Check Azure authentication
az account show
Check GCP authentication
gcloud auth list
Test Cloud Scout authentication
python cloud_scout.py test-auth --all-providers ```_
Leistungsfragen
```bash
Optimize scan performance
python cloud_scout.py optimize-scan \ --max-threads 20 \ --batch-size 100 \ --timeout 300
Monitor resource usage
python cloud_scout.py monitor-resources \ --output resource-usage.log ```_
Probleme der Datenerhebung
```bash
Debug data collection
python cloud_scout.py debug-collection \ --provider aws \ --region us-east-1 \ --verbose
Validate collected data
python cloud_scout.py validate-data \ --input scan-results.json \ --output validation-report.json ```_
Ressourcen
- Cloud Scout GitHub Repository
- (__LINK_7___)
- (__LINK_7___)
- AWS Sicherheitsdokumentation
- (__LINK_7___)
- GCP-Sicherheitsdokumentation
- [MITRE ATT&CK; Cloud Matrix](__LINK_7___
--
*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Cloud Scout zur Cloud-Sicherheits-Mapping und Angriffspfad-Visualisierung. Stellen Sie immer sicher, dass Sie eine ordnungsgemäße Autorisierung vor dem Scannen von Cloud-Umgebungen haben. *