Hoja de Cheat Scout de Nube
"Clase de la hoja" idbutton id="cloud-scout-copy-btn" class="copy-btn" onclick="copyAllCommands()" Copiar todos los comandos id="cloud-scout-pdf-btn" class="pdf-btn" onclick="generatePDF()" Generar PDF seleccionado/button ■/div titulada
Sinopsis
Cloud Scout es una herramienta de código abierto desarrollada por Sygnia para el mapeo de seguridad en la nube y la visualización de la ruta de ataque en entornos de nube híbridos. Esta plataforma integral proporciona a los equipos de seguridad la capacidad de mapear infraestructura en la nube, identificar caminos de ataque y visualizar posibles riesgos de seguridad en entornos de AWS, Azure y Google Cloud Platform. Cloud Scout destaca al proporcionar una visión unificada de la postura de seguridad en la nube combinando datos de múltiples proveedores de la nube y de la infraestructura local para crear un análisis integral de la trayectoria de ataque y capacidades de mapeo de seguridad.
NOVEDAD Advertencia: Cloud Scout requiere permisos adecuados para acceder a los recursos de la nube. Únicamente utilice esta herramienta contra entornos en la nube que posee o tenga permiso escrito explícito para evaluar. El escaneo de nubes no autorizado puede violar términos de servicio y leyes locales.
Instalación y configuración
Prerrequisitos
# Install Python 3.8 or higher
python3 --version
# Install pip and virtualenv
sudo apt update
sudo apt install python3-pip python3-venv
# Install Node.js for web interface
curl -fsSL https://deb.nodesource.com/setup_18.x|sudo -E bash -
sudo apt-get install -y nodejs
# Install Docker for containerized deployment
sudo apt install docker.io docker-compose
sudo usermod -aG docker $USER
Instalación desde Fuente
# Clone Cloud Scout repository
git clone https://github.com/Sygnia/cloud-scout.git
cd cloud-scout
# Create virtual environment
python3 -m venv cloud-scout-env
source cloud-scout-env/bin/activate
# Install dependencies
pip install -r requirements.txt
# Install additional dependencies for cloud providers
pip install boto3 azure-identity azure-mgmt-resource google-cloud-asset
# Verify installation
python cloud_scout.py --help
Docker Instalación
# Pull Cloud Scout Docker image
docker pull sygnia/cloud-scout:latest
# Run Cloud Scout in Docker
docker run -it --rm \
-v $(pwd)/config:/app/config \
-v $(pwd)/output:/app/output \
-p 8080:8080 \
sygnia/cloud-scout:latest
# Create Docker Compose setup
cat > docker-compose.yml << 'EOF'
version: '3.8'
services:
cloud-scout:
image: sygnia/cloud-scout:latest
ports:
- "8080:8080"
volumes:
- ./config:/app/config
- ./output:/app/output
- ./data:/app/data
environment:
- CLOUD_SCOUT_CONFIG=/app/config/config.yaml
EOF
# Start with Docker Compose
docker-compose up -d
Configuración de proveedores de cloud
Configuración AWS
# Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
# Configure AWS credentials
aws configure
# Enter Access Key ID, Secret Access Key, Region, Output format
# Create IAM policy for Cloud Scout
cat > cloud-scout-policy.json << 'EOF'
\\\\{
"Version": "2012-10-17",
"Statement": [
\\\\{
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"iam:List*",
"iam:Get*",
"s3:List*",
"s3:Get*",
"rds:Describe*",
"lambda:List*",
"lambda:Get*",
"cloudformation:List*",
"cloudformation:Describe*",
"cloudtrail:Describe*",
"cloudtrail:Get*",
"organizations:List*",
"organizations:Describe*"
],
"Resource": "*"
\\\\}
]
\\\\}
EOF
# Create IAM user and attach policy
aws iam create-user --user-name cloud-scout-user
aws iam put-user-policy --user-name cloud-scout-user --policy-name CloudScoutPolicy --policy-document file://cloud-scout-policy.json
aws iam create-access-key --user-name cloud-scout-user
Configuración de Azure
# Install Azure CLI
curl -sL https://aka.ms/InstallAzureCLIDeb|sudo bash
# Login to Azure
az login
# Create service principal for Cloud Scout
az ad sp create-for-rbac --name "cloud-scout-sp" --role "Reader" --scopes "/subscriptions/$(az account show --query id -o tsv)"
# Grant additional permissions
az role assignment create --assignee <service-principal-id> --role "Security Reader" --scope "/subscriptions/$(az account show --query id -o tsv)"
# Set environment variables
export AZURE_CLIENT_ID="<client-id>"
export AZURE_CLIENT_SECRET="<client-secret>"
export AZURE_TENANT_ID="<tenant-id>"
export AZURE_SUBSCRIPTION_ID="<subscription-id>"
Configuración de la plataforma de Google Cloud
# Install Google Cloud SDK
curl https://sdk.cloud.google.com|bash
exec -l $SHELL
# Initialize gcloud
gcloud init
# Create service account
gcloud iam service-accounts create cloud-scout-sa --display-name="Cloud Scout Service Account"
# Grant necessary roles
gcloud projects add-iam-policy-binding PROJECT_ID \
--member="serviceAccount:cloud-scout-sa@PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/viewer"
gcloud projects add-iam-policy-binding PROJECT_ID \
--member="serviceAccount:cloud-scout-sa@PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/security.securityReviewer"
# Create and download service account key
gcloud iam service-accounts keys create cloud-scout-key.json \
--iam-account=cloud-scout-sa@PROJECT_ID.iam.gserviceaccount.com
# Set environment variable
export GOOGLE_APPLICATION_CREDENTIALS="$(pwd)/cloud-scout-key.json"
Configuración
Configuración básica
# config/config.yaml
cloud_scout:
# General settings
output_directory: "./output"
log_level: "INFO"
max_threads: 10
# Cloud providers
providers:
aws:
enabled: true
regions: ["us-east-1", "us-west-2", "eu-west-1"]
accounts: ["123456789012"]
azure:
enabled: true
subscriptions: ["subscription-id-1", "subscription-id-2"]
gcp:
enabled: true
projects: ["project-id-1", "project-id-2"]
# Data collection settings
collection:
compute_instances: true
storage_buckets: true
databases: true
network_resources: true
iam_resources: true
security_groups: true
load_balancers: true
dns_records: true
# Analysis settings
analysis:
attack_paths: true
privilege_escalation: true
lateral_movement: true
data_exfiltration: true
persistence_mechanisms: true
# Visualization settings
visualization:
web_interface: true
port: 8080
export_formats: ["json", "csv", "graphml"]
Configuración avanzada
# config/advanced-config.yaml
cloud_scout:
# Advanced collection settings
collection:
deep_scan: true
include_metadata: true
scan_interval: 3600 # seconds
# Resource-specific settings
compute:
include_stopped_instances: true
scan_instance_metadata: true
check_user_data: true
storage:
scan_bucket_policies: true
check_public_access: true
analyze_encryption: true
network:
map_vpc_peering: true
analyze_security_groups: true
check_nacls: true
scan_route_tables: true
iam:
analyze_policies: true
check_cross_account_access: true
map_role_assumptions: true
scan_service_accounts: true
# Attack path analysis
attack_paths:
algorithms:
- "shortest_path"
- "privilege_escalation"
- "lateral_movement"
- "data_access"
risk_scoring:
enabled: true
factors:
- "exposure_level"
- "privilege_level"
- "data_sensitivity"
- "attack_complexity"
filters:
min_risk_score: 5
max_path_length: 10
exclude_low_impact: true
# Reporting settings
reporting:
formats: ["html", "pdf", "json"]
include_remediation: true
executive_summary: true
technical_details: true
templates:
executive: "templates/executive.html"
technical: "templates/technical.html"
compliance: "templates/compliance.html"
Uso básico
Mapping en la nube inicial
# Basic cloud mapping across all configured providers
python cloud_scout.py map --all-providers
# Map specific cloud provider
python cloud_scout.py map --provider aws
python cloud_scout.py map --provider azure
python cloud_scout.py map --provider gcp
# Map specific regions/subscriptions/projects
python cloud_scout.py map --provider aws --regions us-east-1,us-west-2
python cloud_scout.py map --provider azure --subscriptions sub-id-1
python cloud_scout.py map --provider gcp --projects project-1,project-2
# Map with specific resource types
python cloud_scout.py map --resources compute,storage,network
Análisis del camino de ataque
# Analyze attack paths across all mapped resources
python cloud_scout.py analyze --attack-paths
# Analyze specific attack scenarios
python cloud_scout.py analyze --scenario privilege-escalation
python cloud_scout.py analyze --scenario lateral-movement
python cloud_scout.py analyze --scenario data-exfiltration
# Analyze with risk scoring
python cloud_scout.py analyze --risk-scoring --min-score 7
# Generate attack path report
python cloud_scout.py analyze --output-format html --report-type attack-paths
Evaluación de la seguridad
# Comprehensive security assessment
python cloud_scout.py assess --comprehensive
# Assess specific security domains
python cloud_scout.py assess --domains iam,network,storage
python cloud_scout.py assess --domains compute,database
# Compliance assessment
python cloud_scout.py assess --compliance cis-aws
python cloud_scout.py assess --compliance nist-csf
python cloud_scout.py assess --compliance iso27001
# Custom security checks
python cloud_scout.py assess --custom-checks config/custom-checks.yaml
Características avanzadas
Multi-Cloud Environment Mapping
# Map hybrid cloud environment
python cloud_scout.py map-hybrid \
--aws-accounts 123456789012,987654321098 \
--azure-subscriptions sub-1,sub-2 \
--gcp-projects project-1,project-2 \
--include-on-premises
# Cross-cloud relationship analysis
python cloud_scout.py analyze-relationships \
--cross-cloud \
--include-vpn-connections \
--include-peering
# Multi-cloud attack path analysis
python cloud_scout.py analyze-attack-paths \
--multi-cloud \
--include-cross-cloud-paths \
--risk-threshold 8
Visualización avanzada
# Generate interactive visualization
python cloud_scout.py visualize \
--interactive \
--include-attack-paths \
--color-by-risk
# Export to graph formats
python cloud_scout.py export \
--format graphml \
--include-metadata \
--output cloud-topology.graphml
# Generate network diagrams
python cloud_scout.py diagram \
--type network \
--provider aws \
--region us-east-1 \
--output network-diagram.png
Supervisión continua
# Set up continuous monitoring
python cloud_scout.py monitor \
--interval 3600 \
--alert-on-changes \
--webhook-url https://hooks.slack.com/services/...
# Compare cloud states
python cloud_scout.py compare \
--baseline baseline-20231201.json \
--current current-scan.json \
--output-diff changes-report.html
# Automated reporting
python cloud_scout.py report \
--schedule daily \
--email-recipients security@company.com \
--include-executive-summary
Scripts de automatización
Evaluación completa de la seguridad en la nube
#!/bin/bash
# Comprehensive cloud security assessment using Cloud Scout
ASSESSMENT_NAME="$1"
OUTPUT_DIR="cloud_assessment_$(date +%Y%m%d_%H%M%S)"
REPORT_DIR="$OUTPUT_DIR/reports"
DATA_DIR="$OUTPUT_DIR/data"
if [ -z "$ASSESSMENT_NAME" ]; then
echo "Usage: $0 <assessment_name>"
echo "Example: $0 'Q4_2023_Security_Assessment'"
exit 1
fi
mkdir -p "$REPORT_DIR" "$DATA_DIR"
# Function to perform cloud mapping
perform_cloud_mapping() \\\\{
echo "[+] Starting cloud mapping phase"
# Map AWS environments
if python cloud_scout.py check-provider --provider aws; then
echo " [+] Mapping AWS environment"
python cloud_scout.py map \
--provider aws \
--all-regions \
--output "$DATA_DIR/aws-mapping.json" \
--verbose
fi
# Map Azure environments
if python cloud_scout.py check-provider --provider azure; then
echo " [+] Mapping Azure environment"
python cloud_scout.py map \
--provider azure \
--all-subscriptions \
--output "$DATA_DIR/azure-mapping.json" \
--verbose
fi
# Map GCP environments
if python cloud_scout.py check-provider --provider gcp; then
echo " [+] Mapping GCP environment"
python cloud_scout.py map \
--provider gcp \
--all-projects \
--output "$DATA_DIR/gcp-mapping.json" \
--verbose
fi
# Combine mappings
python cloud_scout.py combine-mappings \
--input-dir "$DATA_DIR" \
--output "$DATA_DIR/combined-mapping.json"
echo "[+] Cloud mapping completed"
\\\\}
# Function to analyze attack paths
analyze_attack_paths() \\\\{
echo "[+] Starting attack path analysis"
# Comprehensive attack path analysis
python cloud_scout.py analyze-attack-paths \
--input "$DATA_DIR/combined-mapping.json" \
--all-scenarios \
--risk-scoring \
--output "$DATA_DIR/attack-paths.json"
# Privilege escalation analysis
python cloud_scout.py analyze-privilege-escalation \
--input "$DATA_DIR/combined-mapping.json" \
--include-cross-account \
--output "$DATA_DIR/privilege-escalation.json"
# Lateral movement analysis
python cloud_scout.py analyze-lateral-movement \
--input "$DATA_DIR/combined-mapping.json" \
--include-network-paths \
--output "$DATA_DIR/lateral-movement.json"
# Data exfiltration analysis
python cloud_scout.py analyze-data-exfiltration \
--input "$DATA_DIR/combined-mapping.json" \
--include-storage-access \
--output "$DATA_DIR/data-exfiltration.json"
echo "[+] Attack path analysis completed"
\\\\}
# Function to perform security assessment
perform_security_assessment() \\\\{
echo "[+] Starting security assessment"
# CIS benchmark assessment
python cloud_scout.py assess-compliance \
--framework cis \
--input "$DATA_DIR/combined-mapping.json" \
--output "$DATA_DIR/cis-assessment.json"
# NIST CSF assessment
python cloud_scout.py assess-compliance \
--framework nist-csf \
--input "$DATA_DIR/combined-mapping.json" \
--output "$DATA_DIR/nist-assessment.json"
# Custom security checks
python cloud_scout.py assess-security \
--custom-checks config/security-checks.yaml \
--input "$DATA_DIR/combined-mapping.json" \
--output "$DATA_DIR/security-assessment.json"
# Risk assessment
python cloud_scout.py assess-risk \
--input "$DATA_DIR/combined-mapping.json" \
--include-attack-paths "$DATA_DIR/attack-paths.json" \
--output "$DATA_DIR/risk-assessment.json"
echo "[+] Security assessment completed"
\\\\}
# Function to generate reports
generate_reports() \\\\{
echo "[+] Generating comprehensive reports"
# Executive summary report
python cloud_scout.py generate-report \
--template executive \
--input-dir "$DATA_DIR" \
--output "$REPORT_DIR/executive-summary.html" \
--title "$ASSESSMENT_NAME - Executive Summary"
# Technical report
python cloud_scout.py generate-report \
--template technical \
--input-dir "$DATA_DIR" \
--output "$REPORT_DIR/technical-report.html" \
--title "$ASSESSMENT_NAME - Technical Report" \
--include-remediation
# Attack path report
python cloud_scout.py generate-report \
--template attack-paths \
--input "$DATA_DIR/attack-paths.json" \
--output "$REPORT_DIR/attack-paths-report.html" \
--include-visualizations
# Compliance report
python cloud_scout.py generate-report \
--template compliance \
--input-dir "$DATA_DIR" \
--output "$REPORT_DIR/compliance-report.html" \
--frameworks cis,nist-csf
# Generate PDF reports
for html_file in "$REPORT_DIR"/*.html; do
pdf_file="$\\\\{html_file%.html\\\\}.pdf"
wkhtmltopdf "$html_file" "$pdf_file" 2>/dev/null||\
echo "Warning: Could not generate PDF for $(basename "$html_file")"
done
echo "[+] Report generation completed"
\\\\}
# Function to create visualizations
create_visualizations() \\\\{
echo "[+] Creating visualizations"
# Network topology visualization
python cloud_scout.py visualize-topology \
--input "$DATA_DIR/combined-mapping.json" \
--output "$REPORT_DIR/network-topology.html" \
--interactive
# Attack path visualization
python cloud_scout.py visualize-attack-paths \
--input "$DATA_DIR/attack-paths.json" \
--output "$REPORT_DIR/attack-paths-visualization.html" \
--color-by-risk
# Risk heatmap
python cloud_scout.py generate-heatmap \
--input "$DATA_DIR/risk-assessment.json" \
--output "$REPORT_DIR/risk-heatmap.png" \
--dimensions provider,service,risk-level
# Export to graph formats
python cloud_scout.py export-graph \
--input "$DATA_DIR/combined-mapping.json" \
--format graphml \
--output "$DATA_DIR/cloud-topology.graphml"
echo "[+] Visualization creation completed"
\\\\}
# Function to generate summary
generate_summary() \\\\{
echo "[+] Generating assessment summary"
cat > "$OUTPUT_DIR/assessment-summary.txt" << EOF
Cloud Security Assessment Summary
================================
Assessment Name: $ASSESSMENT_NAME
Date: $(date)
Output Directory: $OUTPUT_DIR
Files Generated:
- Data Files: $DATA_DIR/
- Reports: $REPORT_DIR/
- Visualizations: $REPORT_DIR/
Key Findings:
$(python cloud_scout.py summarize --input-dir "$DATA_DIR" --format text)
Next Steps:
1. Review executive summary report
2. Analyze attack path visualizations
3. Implement high-priority remediation items
4. Schedule follow-up assessment
EOF
echo "[+] Assessment summary generated: $OUTPUT_DIR/assessment-summary.txt"
\\\\}
# Main execution
echo "[+] Starting comprehensive cloud security assessment: $ASSESSMENT_NAME"
# Check dependencies
if ! command -v python &> /dev/null||! python -c "import cloud_scout" 2>/dev/null; then
echo "[-] Cloud Scout not found or not properly installed"
exit 1
fi
# Perform assessment phases
perform_cloud_mapping
analyze_attack_paths
perform_security_assessment
generate_reports
create_visualizations
generate_summary
echo "[+] Comprehensive cloud security assessment completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Open $REPORT_DIR/executive-summary.html for overview"
Multi-Cloud Path Discovery
#!/bin/bash
# Multi-cloud attack path discovery and analysis
TARGET_ENVIRONMENT="$1"
ATTACK_SCENARIO="$2"
OUTPUT_DIR="attack_path_analysis_$(date +%Y%m%d_%H%M%S)"
if [ -z "$TARGET_ENVIRONMENT" ]||[ -z "$ATTACK_SCENARIO" ]; then
echo "Usage: $0 <target_environment> <attack_scenario>"
echo "Environments: production, staging, development, all"
echo "Scenarios: privilege-escalation, lateral-movement, data-exfiltration, persistence, all"
exit 1
fi
mkdir -p "$OUTPUT_DIR"
# Function to discover attack paths
discover_attack_paths() \\\\{
local environment="$1"
local scenario="$2"
local output_file="$OUTPUT_DIR/attack_paths_$\\\\{environment\\\\}_$\\\\{scenario\\\\}.json"
echo "[+] Discovering attack paths for $environment environment, scenario: $scenario"
# Configure environment-specific settings
case "$environment" in
"production")
config_file="config/production.yaml"
;;
"staging")
config_file="config/staging.yaml"
;;
"development")
config_file="config/development.yaml"
;;
"all")
config_file="config/all-environments.yaml"
;;
*)
echo "[-] Unknown environment: $environment"
return 1
;;
esac
# Perform attack path discovery
python cloud_scout.py discover-attack-paths \
--config "$config_file" \
--scenario "$scenario" \
--deep-analysis \
--include-cross-cloud \
--output "$output_file"
if [ $? -eq 0 ]; then
echo " [+] Attack paths discovered: $output_file"
# Analyze path complexity
python cloud_scout.py analyze-path-complexity \
--input "$output_file" \
--output "$OUTPUT_DIR/complexity_analysis_$\\\\{environment\\\\}_$\\\\{scenario\\\\}.json"
# Calculate risk scores
python cloud_scout.py calculate-risk-scores \
--input "$output_file" \
--risk-factors config/risk-factors.yaml \
--output "$OUTPUT_DIR/risk_scores_$\\\\{environment\\\\}_$\\\\{scenario\\\\}.json"
return 0
else
echo " [-] Failed to discover attack paths for $environment"
return 1
fi
\\\\}
# Function to analyze privilege escalation paths
analyze_privilege_escalation() \\\\{
echo "[+] Analyzing privilege escalation paths"
# AWS privilege escalation
python cloud_scout.py analyze-aws-privesc \
--include-iam-policies \
--include-assume-role \
--include-cross-account \
--output "$OUTPUT_DIR/aws-privesc-paths.json"
# Azure privilege escalation
python cloud_scout.py analyze-azure-privesc \
--include-rbac \
--include-managed-identity \
--include-service-principal \
--output "$OUTPUT_DIR/azure-privesc-paths.json"
# GCP privilege escalation
python cloud_scout.py analyze-gcp-privesc \
--include-iam-bindings \
--include-service-accounts \
--include-workload-identity \
--output "$OUTPUT_DIR/gcp-privesc-paths.json"
# Cross-cloud privilege escalation
python cloud_scout.py analyze-cross-cloud-privesc \
--aws-input "$OUTPUT_DIR/aws-privesc-paths.json" \
--azure-input "$OUTPUT_DIR/azure-privesc-paths.json" \
--gcp-input "$OUTPUT_DIR/gcp-privesc-paths.json" \
--output "$OUTPUT_DIR/cross-cloud-privesc-paths.json"
\\\\}
# Function to analyze lateral movement paths
analyze_lateral_movement() \\\\{
echo "[+] Analyzing lateral movement paths"
# Network-based lateral movement
python cloud_scout.py analyze-network-lateral-movement \
--include-vpc-peering \
--include-transit-gateway \
--include-vpn-connections \
--output "$OUTPUT_DIR/network-lateral-movement.json"
# Service-based lateral movement
python cloud_scout.py analyze-service-lateral-movement \
--include-lambda-functions \
--include-container-services \
--include-database-connections \
--output "$OUTPUT_DIR/service-lateral-movement.json"
# Identity-based lateral movement
python cloud_scout.py analyze-identity-lateral-movement \
--include-shared-credentials \
--include-federated-access \
--include-service-accounts \
--output "$OUTPUT_DIR/identity-lateral-movement.json"
\\\\}
# Function to analyze data exfiltration paths
analyze_data_exfiltration() \\\\{
echo "[+] Analyzing data exfiltration paths"
# Storage-based exfiltration
python cloud_scout.py analyze-storage-exfiltration \
--include-s3-buckets \
--include-blob-storage \
--include-cloud-storage \
--check-public-access \
--output "$OUTPUT_DIR/storage-exfiltration.json"
# Database exfiltration
python cloud_scout.py analyze-database-exfiltration \
--include-rds \
--include-sql-database \
--include-cloud-sql \
--check-backup-access \
--output "$OUTPUT_DIR/database-exfiltration.json"
# API-based exfiltration
python cloud_scout.py analyze-api-exfiltration \
--include-api-gateways \
--include-function-apps \
--include-cloud-functions \
--output "$OUTPUT_DIR/api-exfiltration.json"
\\\\}
# Function to generate attack path report
generate_attack_path_report() \\\\{
echo "[+] Generating comprehensive attack path report"
# Combine all attack path data
python cloud_scout.py combine-attack-paths \
--input-dir "$OUTPUT_DIR" \
--output "$OUTPUT_DIR/combined-attack-paths.json"
# Generate interactive visualization
python cloud_scout.py visualize-attack-paths \
--input "$OUTPUT_DIR/combined-attack-paths.json" \
--output "$OUTPUT_DIR/attack-paths-visualization.html" \
--interactive \
--color-by-risk \
--include-filters
# Generate detailed report
python cloud_scout.py generate-attack-path-report \
--input "$OUTPUT_DIR/combined-attack-paths.json" \
--template detailed \
--output "$OUTPUT_DIR/attack-path-report.html" \
--include-remediation \
--include-mitre-mapping
# Generate executive summary
python cloud_scout.py generate-executive-summary \
--input "$OUTPUT_DIR/combined-attack-paths.json" \
--output "$OUTPUT_DIR/executive-summary.html" \
--focus-high-risk
# Export to MITRE ATT&CK format
python cloud_scout.py export-mitre-attack \
--input "$OUTPUT_DIR/combined-attack-paths.json" \
--output "$OUTPUT_DIR/mitre-attack-mapping.json"
\\\\}
# Function to prioritize remediation
prioritize_remediation() \\\\{
echo "[+] Prioritizing remediation actions"
python cloud_scout.py prioritize-remediation \
--input "$OUTPUT_DIR/combined-attack-paths.json" \
--risk-threshold 8 \
--business-impact-weights config/business-impact.yaml \
--output "$OUTPUT_DIR/remediation-priorities.json"
# Generate remediation roadmap
python cloud_scout.py generate-remediation-roadmap \
--input "$OUTPUT_DIR/remediation-priorities.json" \
--timeline 90 \
--resource-constraints config/resource-constraints.yaml \
--output "$OUTPUT_DIR/remediation-roadmap.html"
\\\\}
# Main execution
echo "[+] Starting multi-cloud attack path discovery"
echo "[+] Target environment: $TARGET_ENVIRONMENT"
echo "[+] Attack scenario: $ATTACK_SCENARIO"
# Check dependencies
if ! command -v python &> /dev/null||! python -c "import cloud_scout" 2>/dev/null; then
echo "[-] Cloud Scout not found or not properly installed"
exit 1
fi
# Discover attack paths based on scenario
case "$ATTACK_SCENARIO" in
"privilege-escalation")
discover_attack_paths "$TARGET_ENVIRONMENT" "privilege-escalation"
analyze_privilege_escalation
;;
"lateral-movement")
discover_attack_paths "$TARGET_ENVIRONMENT" "lateral-movement"
analyze_lateral_movement
;;
"data-exfiltration")
discover_attack_paths "$TARGET_ENVIRONMENT" "data-exfiltration"
analyze_data_exfiltration
;;
"persistence")
discover_attack_paths "$TARGET_ENVIRONMENT" "persistence"
;;
"all")
discover_attack_paths "$TARGET_ENVIRONMENT" "privilege-escalation"
discover_attack_paths "$TARGET_ENVIRONMENT" "lateral-movement"
discover_attack_paths "$TARGET_ENVIRONMENT" "data-exfiltration"
discover_attack_paths "$TARGET_ENVIRONMENT" "persistence"
analyze_privilege_escalation
analyze_lateral_movement
analyze_data_exfiltration
;;
*)
echo "[-] Unknown attack scenario: $ATTACK_SCENARIO"
exit 1
;;
esac
# Generate reports and prioritize remediation
generate_attack_path_report
prioritize_remediation
echo "[+] Multi-cloud attack path discovery completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Open $OUTPUT_DIR/attack-paths-visualization.html for interactive analysis"
Vigilancia continua de la seguridad en la nube
#!/bin/bash
# Continuous cloud security monitoring with Cloud Scout
MONITORING_CONFIG="config/monitoring.yaml"
LOG_DIR="monitoring_logs"
ALERT_WEBHOOK="$1"
CHECK_INTERVAL=3600 # 1 hour
if [ -z "$ALERT_WEBHOOK" ]; then
echo "Usage: $0 <alert_webhook_url>"
echo "Example: $0 'https://hooks.slack.com/services/...'"
exit 1
fi
mkdir -p "$LOG_DIR"
# Function to perform security monitoring scan
perform_monitoring_scan() \\\\{
local timestamp=$(date +%Y%m%d_%H%M%S)
local scan_output="$LOG_DIR/scan_$timestamp.json"
local baseline_file="$LOG_DIR/baseline.json"
echo "[+] Performing security monitoring scan at $(date)"
# Perform comprehensive scan
python cloud_scout.py monitor-scan \
--config "$MONITORING_CONFIG" \
--output "$scan_output" \
--include-all-providers \
--deep-scan
if [ $? -ne 0 ]; then
echo "[-] Monitoring scan failed"
return 1
fi
# Compare with baseline if it exists
if [ -f "$baseline_file" ]; then
echo " [+] Comparing with baseline"
local changes_file="$LOG_DIR/changes_$timestamp.json"
python cloud_scout.py compare-scans \
--baseline "$baseline_file" \
--current "$scan_output" \
--output "$changes_file"
# Analyze changes for security implications
analyze_security_changes "$changes_file" "$timestamp"
else
echo " [+] Creating initial baseline"
cp "$scan_output" "$baseline_file"
fi
# Update baseline if significant time has passed
local baseline_age=$(stat -c %Y "$baseline_file" 2>/dev/null||echo 0)
local current_time=$(date +%s)
local age_hours=$(( (current_time - baseline_age) / 3600 ))
if [ $age_hours -gt 168 ]; then # 1 week
echo " [+] Updating baseline (age: $\\\\{age_hours\\\\} hours)"
cp "$scan_output" "$baseline_file"
fi
return 0
\\\\}
# Function to analyze security changes
analyze_security_changes() \\\\{
local changes_file="$1"
local timestamp="$2"
local analysis_file="$LOG_DIR/analysis_$timestamp.json"
echo " [+] Analyzing security changes"
# Perform security impact analysis
python cloud_scout.py analyze-security-changes \
--input "$changes_file" \
--risk-assessment \
--attack-path-impact \
--output "$analysis_file"
# Check for high-risk changes
local high_risk_count=$(python cloud_scout.py count-high-risk-changes \
--input "$analysis_file" \
--threshold 8)
if [ "$high_risk_count" -gt 0 ]; then
echo " [!] High-risk changes detected: $high_risk_count"
send_security_alert "HIGH_RISK_CHANGES" "$high_risk_count" "$analysis_file"
fi
# Check for new attack paths
local new_attack_paths=$(python cloud_scout.py detect-new-attack-paths \
--input "$analysis_file" \
--output "$LOG_DIR/new_attack_paths_$timestamp.json")
if [ "$new_attack_paths" -gt 0 ]; then
echo " [!] New attack paths detected: $new_attack_paths"
send_security_alert "NEW_ATTACK_PATHS" "$new_attack_paths" "$LOG_DIR/new_attack_paths_$timestamp.json"
fi
# Check for compliance violations
local compliance_violations=$(python cloud_scout.py check-compliance-violations \
--input "$analysis_file" \
--frameworks cis,nist \
--output "$LOG_DIR/compliance_violations_$timestamp.json")
if [ "$compliance_violations" -gt 0 ]; then
echo " [!] Compliance violations detected: $compliance_violations"
send_security_alert "COMPLIANCE_VIOLATIONS" "$compliance_violations" "$LOG_DIR/compliance_violations_$timestamp.json"
fi
\\\\}
# Function to send security alerts
send_security_alert() \\\\{
local alert_type="$1"
local count="$2"
local details_file="$3"
echo "[!] Sending security alert: $alert_type"
# Create alert message
local message="🚨 Cloud Security Alert: $alert_type detected ($count items) at $(date)"
# Send to webhook
if [ -n "$ALERT_WEBHOOK" ]; then
curl -X POST -H 'Content-type: application/json' \
--data "\\\\{\"text\":\"$message\"\\\\}" \
"$ALERT_WEBHOOK" 2>/dev/null||echo "Webhook alert failed"
fi
# Send email if configured
if [ -n "$ALERT_EMAIL" ]; then
echo "$message"|mail -s "Cloud Security Alert: $alert_type" \
-A "$details_file" "$ALERT_EMAIL" 2>/dev/null||echo "Email alert failed"
fi
# Log alert
echo "$(date): $alert_type - $count items" >> "$LOG_DIR/alerts.log"
\\\\}
# Function to generate monitoring report
generate_monitoring_report() \\\\{
echo "[+] Generating monitoring report"
local report_file="$LOG_DIR/monitoring_report_$(date +%Y%m%d).html"
# Collect recent scan data
python cloud_scout.py generate-monitoring-report \
--input-dir "$LOG_DIR" \
--timeframe 24h \
--output "$report_file" \
--include-trends \
--include-alerts
echo " [+] Monitoring report generated: $report_file"
\\\\}
# Function to cleanup old logs
cleanup_logs() \\\\{
echo "[+] Cleaning up old monitoring logs"
# Keep logs for 30 days
find "$LOG_DIR" -name "scan_*.json" -mtime +30 -delete
find "$LOG_DIR" -name "changes_*.json" -mtime +30 -delete
find "$LOG_DIR" -name "analysis_*.json" -mtime +30 -delete
# Keep reports for 90 days
find "$LOG_DIR" -name "monitoring_report_*.html" -mtime +90 -delete
\\\\}
# Function to check system health
check_system_health() \\\\{
echo "[+] Checking system health"
# Check Cloud Scout installation
if ! python -c "import cloud_scout" 2>/dev/null; then
echo "[-] Cloud Scout not available"
send_security_alert "SYSTEM_ERROR" "1" "/dev/null"
return 1
fi
# Check cloud provider connectivity
local connectivity_issues=0
if ! python cloud_scout.py test-aws-connectivity 2>/dev/null; then
echo "[-] AWS connectivity issues"
connectivity_issues=$((connectivity_issues + 1))
fi
if ! python cloud_scout.py test-azure-connectivity 2>/dev/null; then
echo "[-] Azure connectivity issues"
connectivity_issues=$((connectivity_issues + 1))
fi
if ! python cloud_scout.py test-gcp-connectivity 2>/dev/null; then
echo "[-] GCP connectivity issues"
connectivity_issues=$((connectivity_issues + 1))
fi
if [ $connectivity_issues -gt 0 ]; then
send_security_alert "CONNECTIVITY_ISSUES" "$connectivity_issues" "/dev/null"
fi
# Check disk space
local disk_usage=$(df "$LOG_DIR"|awk 'NR==2 \\\\{print $5\\\\}'|sed 's/%//')
if [ "$disk_usage" -gt 90 ]; then
echo "[-] Disk space critical: $\\\\{disk_usage\\\\}%"
send_security_alert "DISK_SPACE_CRITICAL" "$disk_usage" "/dev/null"
fi
return 0
\\\\}
# Main monitoring loop
echo "[+] Starting continuous cloud security monitoring"
echo "[+] Check interval: $((CHECK_INTERVAL / 60)) minutes"
echo "[+] Alert webhook: $ALERT_WEBHOOK"
while true; do
echo "[+] Starting monitoring cycle at $(date)"
# Check system health
if check_system_health; then
# Perform monitoring scan
if perform_monitoring_scan; then
echo " [+] Monitoring scan completed successfully"
else
echo " [-] Monitoring scan failed"
send_security_alert "SCAN_FAILURE" "1" "/dev/null"
fi
fi
# Generate daily report and cleanup
if [ "$(date +%H)" = "06" ]; then # 6 AM
generate_monitoring_report
cleanup_logs
fi
echo "[+] Monitoring cycle completed at $(date)"
echo "[+] Next check in $((CHECK_INTERVAL / 60)) minutes"
sleep "$CHECK_INTERVAL"
done
Integración con otras herramientas
SIEM Integración
# Export Cloud Scout data to SIEM formats
python cloud_scout.py export-siem \
--format splunk \
--input scan-results.json \
--output cloud-scout-events.json
# Send alerts to SIEM
python cloud_scout.py send-siem-alert \
--siem-endpoint https://siem.company.com/api \
--alert-data high-risk-findings.json
Terraform Integration
# Generate Terraform remediation code
python cloud_scout.py generate-terraform \
--input security-findings.json \
--output remediation.tf
# Validate Terraform against Cloud Scout policies
python cloud_scout.py validate-terraform \
--terraform-dir ./infrastructure \
--policies config/security-policies.yaml
CI/CD Pipeline Integration
# Cloud Scout in CI/CD pipeline
python cloud_scout.py pipeline-scan \
--config config/pipeline.yaml \
--fail-on-high-risk \
--output pipeline-results.json
# Generate security gates
python cloud_scout.py generate-security-gates \
--input pipeline-results.json \
--output security-gates.yaml
Solución de problemas
Cuestiones comunes
Problemas de autenticación
# Check AWS credentials
aws sts get-caller-identity
# Check Azure authentication
az account show
# Check GCP authentication
gcloud auth list
# Test Cloud Scout authentication
python cloud_scout.py test-auth --all-providers
Cuestiones de ejecución
# Optimize scan performance
python cloud_scout.py optimize-scan \
--max-threads 20 \
--batch-size 100 \
--timeout 300
# Monitor resource usage
python cloud_scout.py monitor-resources \
--output resource-usage.log
Cuestiones de recopilación de datos
# Debug data collection
python cloud_scout.py debug-collection \
--provider aws \
--region us-east-1 \
--verbose
# Validate collected data
python cloud_scout.py validate-data \
--input scan-results.json \
--output validation-report.json
Recursos
- Cloud Scout GitHub Repository
- Sygnia Research
- Cloud Security Best Practices
- AWS Security Documentation
- Azure Security Documentation
- GCP Security Documentation
- MITRE ATT limitadaCK Cloud Matrix
-...
*Esta hoja de trampolín proporciona una referencia completa para usar Cloud Scout para mapear la seguridad en la nube y visualizar la ruta de ataque. Siempre asegúrese de tener una autorización adecuada antes de escanear entornos de nube. *