Feuille de chaleur scout en nuage

Copier toutes les commandes Générer PDF

Aperçu général

Cloud Scout est un outil open-source développé par Sygnia pour la cartographie de la sécurité du cloud et la visualisation du chemin d'attaque dans les environnements de cloud hybrides. Cette plate-forme complète permet aux équipes de sécurité de cartographier l'infrastructure cloud, d'identifier les voies d'attaque et de visualiser les risques potentiels de sécurité dans les environnements AWS, Azure et Google Cloud Platform. Cloud Scout excelle à fournir une vue unifiée de la posture de sécurité du cloud en combinant les données de plusieurs fournisseurs de cloud et l'infrastructure sur site pour créer une analyse complète du chemin d'attaque et des capacités de cartographie de sécurité.

C'est pas vrai. Attention: Cloud Scout nécessite des autorisations appropriées pour accéder aux ressources du cloud. Utilisez seulement cet outil contre les environnements cloud que vous possédez ou avez une autorisation écrite explicite pour évaluer. La numérisation de cloud non autorisée peut violer les conditions de service et les lois locales.

Installation et configuration

Préalables

# Install Python 3.8 or higher
python3 --version

# Install pip and virtualenv
sudo apt update
sudo apt install python3-pip python3-venv

# Install Node.js for web interface
curl -fsSL https://deb.nodesource.com/setup_18.x|sudo -E bash -
sudo apt-get install -y nodejs

# Install Docker for containerized deployment
sudo apt install docker.io docker-compose
sudo usermod -aG docker $USER

Installation depuis la source

# Clone Cloud Scout repository
git clone https://github.com/Sygnia/cloud-scout.git
cd cloud-scout

# Create virtual environment
python3 -m venv cloud-scout-env
source cloud-scout-env/bin/activate

# Install dependencies
pip install -r requirements.txt

# Install additional dependencies for cloud providers
pip install boto3 azure-identity azure-mgmt-resource google-cloud-asset

# Verify installation
python cloud_scout.py --help
```_

### Installation Docker
```bash
# Pull Cloud Scout Docker image
docker pull sygnia/cloud-scout:latest

# Run Cloud Scout in Docker
docker run -it --rm \
    -v $(pwd)/config:/app/config \
    -v $(pwd)/output:/app/output \
    -p 8080:8080 \
    sygnia/cloud-scout:latest

# Create Docker Compose setup
cat > docker-compose.yml << 'EOF'
version: '3.8'
services:
  cloud-scout:
    image: sygnia/cloud-scout:latest
    ports:
      - "8080:8080"
    volumes:
      - ./config:/app/config
      - ./output:/app/output
      - ./data:/app/data
    environment:
      - CLOUD_SCOUT_CONFIG=/app/config/config.yaml
EOF

# Start with Docker Compose
docker-compose up -d
```_

### Configuration du fournisseur de cloud

#### Configuration AWS
```bash
# Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

# Configure AWS credentials
aws configure
# Enter Access Key ID, Secret Access Key, Region, Output format

# Create IAM policy for Cloud Scout
cat > cloud-scout-policy.json << 'EOF'
\\\\{
    "Version": "2012-10-17",
    "Statement": [
        \\\\{
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "iam:List*",
                "iam:Get*",
                "s3:List*",
                "s3:Get*",
                "rds:Describe*",
                "lambda:List*",
                "lambda:Get*",
                "cloudformation:List*",
                "cloudformation:Describe*",
                "cloudtrail:Describe*",
                "cloudtrail:Get*",
                "organizations:List*",
                "organizations:Describe*"
            ],
            "Resource": "*"
        \\\\}
    ]
\\\\}
EOF

# Create IAM user and attach policy
aws iam create-user --user-name cloud-scout-user
aws iam put-user-policy --user-name cloud-scout-user --policy-name CloudScoutPolicy --policy-document file://cloud-scout-policy.json
aws iam create-access-key --user-name cloud-scout-user

Configuration d'azur

# Install Azure CLI
curl -sL https://aka.ms/InstallAzureCLIDeb|sudo bash

# Login to Azure
az login

# Create service principal for Cloud Scout
az ad sp create-for-rbac --name "cloud-scout-sp" --role "Reader" --scopes "/subscriptions/$(az account show --query id -o tsv)"

# Grant additional permissions
az role assignment create --assignee <service-principal-id> --role "Security Reader" --scope "/subscriptions/$(az account show --query id -o tsv)"

# Set environment variables
export AZURE_CLIENT_ID="<client-id>"
export AZURE_CLIENT_SECRET="<client-secret>"
export AZURE_TENANT_ID="<tenant-id>"
export AZURE_SUBSCRIPTION_ID="<subscription-id>"

Configuration de la plateforme Google Cloud

# Install Google Cloud SDK
curl https://sdk.cloud.google.com|bash
exec -l $SHELL

# Initialize gcloud
gcloud init

# Create service account
gcloud iam service-accounts create cloud-scout-sa --display-name="Cloud Scout Service Account"

# Grant necessary roles
gcloud projects add-iam-policy-binding PROJECT_ID \
    --member="serviceAccount:cloud-scout-sa@PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/viewer"

gcloud projects add-iam-policy-binding PROJECT_ID \
    --member="serviceAccount:cloud-scout-sa@PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/security.securityReviewer"

# Create and download service account key
gcloud iam service-accounts keys create cloud-scout-key.json \
    --iam-account=cloud-scout-sa@PROJECT_ID.iam.gserviceaccount.com

# Set environment variable
export GOOGLE_APPLICATION_CREDENTIALS="$(pwd)/cloud-scout-key.json"

Configuration

Configuration de base

# config/config.yaml
cloud_scout:
  # General settings
  output_directory: "./output"
  log_level: "INFO"
  max_threads: 10

  # Cloud providers
  providers:
    aws:
      enabled: true
      regions: ["us-east-1", "us-west-2", "eu-west-1"]
      accounts: ["123456789012"]

    azure:
      enabled: true
      subscriptions: ["subscription-id-1", "subscription-id-2"]

    gcp:
      enabled: true
      projects: ["project-id-1", "project-id-2"]

  # Data collection settings
  collection:
    compute_instances: true
    storage_buckets: true
    databases: true
    network_resources: true
    iam_resources: true
    security_groups: true
    load_balancers: true
    dns_records: true

  # Analysis settings
  analysis:
    attack_paths: true
    privilege_escalation: true
    lateral_movement: true
    data_exfiltration: true
    persistence_mechanisms: true

  # Visualization settings
  visualization:
    web_interface: true
    port: 8080
    export_formats: ["json", "csv", "graphml"]

Configuration avancée

# config/advanced-config.yaml
cloud_scout:
  # Advanced collection settings
  collection:
    deep_scan: true
    include_metadata: true
    scan_interval: 3600  # seconds

    # Resource-specific settings
    compute:
      include_stopped_instances: true
      scan_instance_metadata: true
      check_user_data: true

    storage:
      scan_bucket_policies: true
      check_public_access: true
      analyze_encryption: true

    network:
      map_vpc_peering: true
      analyze_security_groups: true
      check_nacls: true
      scan_route_tables: true

    iam:
      analyze_policies: true
      check_cross_account_access: true
      map_role_assumptions: true
      scan_service_accounts: true

  # Attack path analysis
  attack_paths:
    algorithms:
      - "shortest_path"
      - "privilege_escalation"
      - "lateral_movement"
      - "data_access"

    risk_scoring:
      enabled: true
      factors:
        - "exposure_level"
        - "privilege_level"
        - "data_sensitivity"
        - "attack_complexity"

    filters:
      min_risk_score: 5
      max_path_length: 10
      exclude_low_impact: true

  # Reporting settings
  reporting:
    formats: ["html", "pdf", "json"]
    include_remediation: true
    executive_summary: true
    technical_details: true

    templates:
      executive: "templates/executive.html"
      technical: "templates/technical.html"
      compliance: "templates/compliance.html"

Utilisation de base

Cartographie initiale des nuages

# Basic cloud mapping across all configured providers
python cloud_scout.py map --all-providers

# Map specific cloud provider
python cloud_scout.py map --provider aws
python cloud_scout.py map --provider azure
python cloud_scout.py map --provider gcp

# Map specific regions/subscriptions/projects
python cloud_scout.py map --provider aws --regions us-east-1,us-west-2
python cloud_scout.py map --provider azure --subscriptions sub-id-1
python cloud_scout.py map --provider gcp --projects project-1,project-2

# Map with specific resource types
python cloud_scout.py map --resources compute,storage,network

Analyse du chemin d'attaque

# Analyze attack paths across all mapped resources
python cloud_scout.py analyze --attack-paths

# Analyze specific attack scenarios
python cloud_scout.py analyze --scenario privilege-escalation
python cloud_scout.py analyze --scenario lateral-movement
python cloud_scout.py analyze --scenario data-exfiltration

# Analyze with risk scoring
python cloud_scout.py analyze --risk-scoring --min-score 7

# Generate attack path report
python cloud_scout.py analyze --output-format html --report-type attack-paths

Évaluation de la sécurité

# Comprehensive security assessment
python cloud_scout.py assess --comprehensive

# Assess specific security domains
python cloud_scout.py assess --domains iam,network,storage
python cloud_scout.py assess --domains compute,database

# Compliance assessment
python cloud_scout.py assess --compliance cis-aws
python cloud_scout.py assess --compliance nist-csf
python cloud_scout.py assess --compliance iso27001

# Custom security checks
python cloud_scout.py assess --custom-checks config/custom-checks.yaml

Caractéristiques avancées

Cartographie environnementale multicloud

# Map hybrid cloud environment
python cloud_scout.py map-hybrid \
    --aws-accounts 123456789012,987654321098 \
    --azure-subscriptions sub-1,sub-2 \
    --gcp-projects project-1,project-2 \
    --include-on-premises

# Cross-cloud relationship analysis
python cloud_scout.py analyze-relationships \
    --cross-cloud \
    --include-vpn-connections \
    --include-peering

# Multi-cloud attack path analysis
python cloud_scout.py analyze-attack-paths \
    --multi-cloud \
    --include-cross-cloud-paths \
    --risk-threshold 8

Visualisation avancée

# Generate interactive visualization
python cloud_scout.py visualize \
    --interactive \
    --include-attack-paths \
    --color-by-risk

# Export to graph formats
python cloud_scout.py export \
    --format graphml \
    --include-metadata \
    --output cloud-topology.graphml

# Generate network diagrams
python cloud_scout.py diagram \
    --type network \
    --provider aws \
    --region us-east-1 \
    --output network-diagram.png

Surveillance continue

# Set up continuous monitoring
python cloud_scout.py monitor \
    --interval 3600 \
    --alert-on-changes \
    --webhook-url https://hooks.slack.com/services/...

# Compare cloud states
python cloud_scout.py compare \
    --baseline baseline-20231201.json \
    --current current-scan.json \
    --output-diff changes-report.html

# Automated reporting
python cloud_scout.py report \
    --schedule daily \
    --email-recipients security@company.com \
    --include-executive-summary

Scripts d'automatisation

Évaluation globale de la sécurité en nuage

#!/bin/bash
# Comprehensive cloud security assessment using Cloud Scout

ASSESSMENT_NAME="$1"
OUTPUT_DIR="cloud_assessment_$(date +%Y%m%d_%H%M%S)"
REPORT_DIR="$OUTPUT_DIR/reports"
DATA_DIR="$OUTPUT_DIR/data"

if [ -z "$ASSESSMENT_NAME" ]; then
    echo "Usage: $0 <assessment_name>"
    echo "Example: $0 'Q4_2023_Security_Assessment'"
    exit 1
fi

mkdir -p "$REPORT_DIR" "$DATA_DIR"

# Function to perform cloud mapping
perform_cloud_mapping() \\\\{
    echo "[+] Starting cloud mapping phase"

    # Map AWS environments
    if python cloud_scout.py check-provider --provider aws; then
        echo "  [+] Mapping AWS environment"
        python cloud_scout.py map \
            --provider aws \
            --all-regions \
            --output "$DATA_DIR/aws-mapping.json" \
            --verbose
    fi

    # Map Azure environments
    if python cloud_scout.py check-provider --provider azure; then
        echo "  [+] Mapping Azure environment"
        python cloud_scout.py map \
            --provider azure \
            --all-subscriptions \
            --output "$DATA_DIR/azure-mapping.json" \
            --verbose
    fi

    # Map GCP environments
    if python cloud_scout.py check-provider --provider gcp; then
        echo "  [+] Mapping GCP environment"
        python cloud_scout.py map \
            --provider gcp \
            --all-projects \
            --output "$DATA_DIR/gcp-mapping.json" \
            --verbose
    fi

    # Combine mappings
    python cloud_scout.py combine-mappings \
        --input-dir "$DATA_DIR" \
        --output "$DATA_DIR/combined-mapping.json"

    echo "[+] Cloud mapping completed"
\\\\}

# Function to analyze attack paths
analyze_attack_paths() \\\\{
    echo "[+] Starting attack path analysis"

    # Comprehensive attack path analysis
    python cloud_scout.py analyze-attack-paths \
        --input "$DATA_DIR/combined-mapping.json" \
        --all-scenarios \
        --risk-scoring \
        --output "$DATA_DIR/attack-paths.json"

    # Privilege escalation analysis
    python cloud_scout.py analyze-privilege-escalation \
        --input "$DATA_DIR/combined-mapping.json" \
        --include-cross-account \
        --output "$DATA_DIR/privilege-escalation.json"

    # Lateral movement analysis
    python cloud_scout.py analyze-lateral-movement \
        --input "$DATA_DIR/combined-mapping.json" \
        --include-network-paths \
        --output "$DATA_DIR/lateral-movement.json"

    # Data exfiltration analysis
    python cloud_scout.py analyze-data-exfiltration \
        --input "$DATA_DIR/combined-mapping.json" \
        --include-storage-access \
        --output "$DATA_DIR/data-exfiltration.json"

    echo "[+] Attack path analysis completed"
\\\\}

# Function to perform security assessment
perform_security_assessment() \\\\{
    echo "[+] Starting security assessment"

    # CIS benchmark assessment
    python cloud_scout.py assess-compliance \
        --framework cis \
        --input "$DATA_DIR/combined-mapping.json" \
        --output "$DATA_DIR/cis-assessment.json"

    # NIST CSF assessment
    python cloud_scout.py assess-compliance \
        --framework nist-csf \
        --input "$DATA_DIR/combined-mapping.json" \
        --output "$DATA_DIR/nist-assessment.json"

    # Custom security checks
    python cloud_scout.py assess-security \
        --custom-checks config/security-checks.yaml \
        --input "$DATA_DIR/combined-mapping.json" \
        --output "$DATA_DIR/security-assessment.json"

    # Risk assessment
    python cloud_scout.py assess-risk \
        --input "$DATA_DIR/combined-mapping.json" \
        --include-attack-paths "$DATA_DIR/attack-paths.json" \
        --output "$DATA_DIR/risk-assessment.json"

    echo "[+] Security assessment completed"
\\\\}

# Function to generate reports
generate_reports() \\\\{
    echo "[+] Generating comprehensive reports"

    # Executive summary report
    python cloud_scout.py generate-report \
        --template executive \
        --input-dir "$DATA_DIR" \
        --output "$REPORT_DIR/executive-summary.html" \
        --title "$ASSESSMENT_NAME - Executive Summary"

    # Technical report
    python cloud_scout.py generate-report \
        --template technical \
        --input-dir "$DATA_DIR" \
        --output "$REPORT_DIR/technical-report.html" \
        --title "$ASSESSMENT_NAME - Technical Report" \
        --include-remediation

    # Attack path report
    python cloud_scout.py generate-report \
        --template attack-paths \
        --input "$DATA_DIR/attack-paths.json" \
        --output "$REPORT_DIR/attack-paths-report.html" \
        --include-visualizations

    # Compliance report
    python cloud_scout.py generate-report \
        --template compliance \
        --input-dir "$DATA_DIR" \
        --output "$REPORT_DIR/compliance-report.html" \
        --frameworks cis,nist-csf

    # Generate PDF reports
    for html_file in "$REPORT_DIR"/*.html; do
        pdf_file="$\\\\{html_file%.html\\\\}.pdf"
        wkhtmltopdf "$html_file" "$pdf_file" 2>/dev/null||\
            echo "Warning: Could not generate PDF for $(basename "$html_file")"
    done

    echo "[+] Report generation completed"
\\\\}

# Function to create visualizations
create_visualizations() \\\\{
    echo "[+] Creating visualizations"

    # Network topology visualization
    python cloud_scout.py visualize-topology \
        --input "$DATA_DIR/combined-mapping.json" \
        --output "$REPORT_DIR/network-topology.html" \
        --interactive

    # Attack path visualization
    python cloud_scout.py visualize-attack-paths \
        --input "$DATA_DIR/attack-paths.json" \
        --output "$REPORT_DIR/attack-paths-visualization.html" \
        --color-by-risk

    # Risk heatmap
    python cloud_scout.py generate-heatmap \
        --input "$DATA_DIR/risk-assessment.json" \
        --output "$REPORT_DIR/risk-heatmap.png" \
        --dimensions provider,service,risk-level

    # Export to graph formats
    python cloud_scout.py export-graph \
        --input "$DATA_DIR/combined-mapping.json" \
        --format graphml \
        --output "$DATA_DIR/cloud-topology.graphml"

    echo "[+] Visualization creation completed"
\\\\}

# Function to generate summary
generate_summary() \\\\{
    echo "[+] Generating assessment summary"

    cat > "$OUTPUT_DIR/assessment-summary.txt" << EOF
Cloud Security Assessment Summary
================================
Assessment Name: $ASSESSMENT_NAME
Date: $(date)
Output Directory: $OUTPUT_DIR

Files Generated:
- Data Files: $DATA_DIR/
- Reports: $REPORT_DIR/
- Visualizations: $REPORT_DIR/

Key Findings:
$(python cloud_scout.py summarize --input-dir "$DATA_DIR" --format text)

Next Steps:
1. Review executive summary report
2. Analyze attack path visualizations
3. Implement high-priority remediation items
4. Schedule follow-up assessment

EOF

    echo "[+] Assessment summary generated: $OUTPUT_DIR/assessment-summary.txt"
\\\\}

# Main execution
echo "[+] Starting comprehensive cloud security assessment: $ASSESSMENT_NAME"

# Check dependencies
if ! command -v python &> /dev/null||! python -c "import cloud_scout" 2>/dev/null; then
    echo "[-] Cloud Scout not found or not properly installed"
    exit 1
fi

# Perform assessment phases
perform_cloud_mapping
analyze_attack_paths
perform_security_assessment
generate_reports
create_visualizations
generate_summary

echo "[+] Comprehensive cloud security assessment completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Open $REPORT_DIR/executive-summary.html for overview"

Découverte du sentier d'attaque multicloud

#!/bin/bash
# Multi-cloud attack path discovery and analysis

TARGET_ENVIRONMENT="$1"
ATTACK_SCENARIO="$2"
OUTPUT_DIR="attack_path_analysis_$(date +%Y%m%d_%H%M%S)"

if [ -z "$TARGET_ENVIRONMENT" ]||[ -z "$ATTACK_SCENARIO" ]; then
    echo "Usage: $0 <target_environment> <attack_scenario>"
    echo "Environments: production, staging, development, all"
    echo "Scenarios: privilege-escalation, lateral-movement, data-exfiltration, persistence, all"
    exit 1
fi

mkdir -p "$OUTPUT_DIR"

# Function to discover attack paths
discover_attack_paths() \\\\{
    local environment="$1"
    local scenario="$2"
    local output_file="$OUTPUT_DIR/attack_paths_$\\\\{environment\\\\}_$\\\\{scenario\\\\}.json"

    echo "[+] Discovering attack paths for $environment environment, scenario: $scenario"

    # Configure environment-specific settings
    case "$environment" in
        "production")
            config_file="config/production.yaml"
            ;;
        "staging")
            config_file="config/staging.yaml"
            ;;
        "development")
            config_file="config/development.yaml"
            ;;
        "all")
            config_file="config/all-environments.yaml"
            ;;
        *)
            echo "[-] Unknown environment: $environment"
            return 1
            ;;
    esac

    # Perform attack path discovery
    python cloud_scout.py discover-attack-paths \
        --config "$config_file" \
        --scenario "$scenario" \
        --deep-analysis \
        --include-cross-cloud \
        --output "$output_file"

    if [ $? -eq 0 ]; then
        echo "  [+] Attack paths discovered: $output_file"

        # Analyze path complexity
        python cloud_scout.py analyze-path-complexity \
            --input "$output_file" \
            --output "$OUTPUT_DIR/complexity_analysis_$\\\\{environment\\\\}_$\\\\{scenario\\\\}.json"

        # Calculate risk scores
        python cloud_scout.py calculate-risk-scores \
            --input "$output_file" \
            --risk-factors config/risk-factors.yaml \
            --output "$OUTPUT_DIR/risk_scores_$\\\\{environment\\\\}_$\\\\{scenario\\\\}.json"

        return 0
    else
        echo "  [-] Failed to discover attack paths for $environment"
        return 1
    fi
\\\\}

# Function to analyze privilege escalation paths
analyze_privilege_escalation() \\\\{
    echo "[+] Analyzing privilege escalation paths"

    # AWS privilege escalation
    python cloud_scout.py analyze-aws-privesc \
        --include-iam-policies \
        --include-assume-role \
        --include-cross-account \
        --output "$OUTPUT_DIR/aws-privesc-paths.json"

    # Azure privilege escalation
    python cloud_scout.py analyze-azure-privesc \
        --include-rbac \
        --include-managed-identity \
        --include-service-principal \
        --output "$OUTPUT_DIR/azure-privesc-paths.json"

    # GCP privilege escalation
    python cloud_scout.py analyze-gcp-privesc \
        --include-iam-bindings \
        --include-service-accounts \
        --include-workload-identity \
        --output "$OUTPUT_DIR/gcp-privesc-paths.json"

    # Cross-cloud privilege escalation
    python cloud_scout.py analyze-cross-cloud-privesc \
        --aws-input "$OUTPUT_DIR/aws-privesc-paths.json" \
        --azure-input "$OUTPUT_DIR/azure-privesc-paths.json" \
        --gcp-input "$OUTPUT_DIR/gcp-privesc-paths.json" \
        --output "$OUTPUT_DIR/cross-cloud-privesc-paths.json"
\\\\}

# Function to analyze lateral movement paths
analyze_lateral_movement() \\\\{
    echo "[+] Analyzing lateral movement paths"

    # Network-based lateral movement
    python cloud_scout.py analyze-network-lateral-movement \
        --include-vpc-peering \
        --include-transit-gateway \
        --include-vpn-connections \
        --output "$OUTPUT_DIR/network-lateral-movement.json"

    # Service-based lateral movement
    python cloud_scout.py analyze-service-lateral-movement \
        --include-lambda-functions \
        --include-container-services \
        --include-database-connections \
        --output "$OUTPUT_DIR/service-lateral-movement.json"

    # Identity-based lateral movement
    python cloud_scout.py analyze-identity-lateral-movement \
        --include-shared-credentials \
        --include-federated-access \
        --include-service-accounts \
        --output "$OUTPUT_DIR/identity-lateral-movement.json"
\\\\}

# Function to analyze data exfiltration paths
analyze_data_exfiltration() \\\\{
    echo "[+] Analyzing data exfiltration paths"

    # Storage-based exfiltration
    python cloud_scout.py analyze-storage-exfiltration \
        --include-s3-buckets \
        --include-blob-storage \
        --include-cloud-storage \
        --check-public-access \
        --output "$OUTPUT_DIR/storage-exfiltration.json"

    # Database exfiltration
    python cloud_scout.py analyze-database-exfiltration \
        --include-rds \
        --include-sql-database \
        --include-cloud-sql \
        --check-backup-access \
        --output "$OUTPUT_DIR/database-exfiltration.json"

    # API-based exfiltration
    python cloud_scout.py analyze-api-exfiltration \
        --include-api-gateways \
        --include-function-apps \
        --include-cloud-functions \
        --output "$OUTPUT_DIR/api-exfiltration.json"
\\\\}

# Function to generate attack path report
generate_attack_path_report() \\\\{
    echo "[+] Generating comprehensive attack path report"

    # Combine all attack path data
    python cloud_scout.py combine-attack-paths \
        --input-dir "$OUTPUT_DIR" \
        --output "$OUTPUT_DIR/combined-attack-paths.json"

    # Generate interactive visualization
    python cloud_scout.py visualize-attack-paths \
        --input "$OUTPUT_DIR/combined-attack-paths.json" \
        --output "$OUTPUT_DIR/attack-paths-visualization.html" \
        --interactive \
        --color-by-risk \
        --include-filters

    # Generate detailed report
    python cloud_scout.py generate-attack-path-report \
        --input "$OUTPUT_DIR/combined-attack-paths.json" \
        --template detailed \
        --output "$OUTPUT_DIR/attack-path-report.html" \
        --include-remediation \
        --include-mitre-mapping

    # Generate executive summary
    python cloud_scout.py generate-executive-summary \
        --input "$OUTPUT_DIR/combined-attack-paths.json" \
        --output "$OUTPUT_DIR/executive-summary.html" \
        --focus-high-risk

    # Export to MITRE ATT&CK format
    python cloud_scout.py export-mitre-attack \
        --input "$OUTPUT_DIR/combined-attack-paths.json" \
        --output "$OUTPUT_DIR/mitre-attack-mapping.json"
\\\\}

# Function to prioritize remediation
prioritize_remediation() \\\\{
    echo "[+] Prioritizing remediation actions"

    python cloud_scout.py prioritize-remediation \
        --input "$OUTPUT_DIR/combined-attack-paths.json" \
        --risk-threshold 8 \
        --business-impact-weights config/business-impact.yaml \
        --output "$OUTPUT_DIR/remediation-priorities.json"

    # Generate remediation roadmap
    python cloud_scout.py generate-remediation-roadmap \
        --input "$OUTPUT_DIR/remediation-priorities.json" \
        --timeline 90 \
        --resource-constraints config/resource-constraints.yaml \
        --output "$OUTPUT_DIR/remediation-roadmap.html"
\\\\}

# Main execution
echo "[+] Starting multi-cloud attack path discovery"
echo "[+] Target environment: $TARGET_ENVIRONMENT"
echo "[+] Attack scenario: $ATTACK_SCENARIO"

# Check dependencies
if ! command -v python &> /dev/null||! python -c "import cloud_scout" 2>/dev/null; then
    echo "[-] Cloud Scout not found or not properly installed"
    exit 1
fi

# Discover attack paths based on scenario
case "$ATTACK_SCENARIO" in
    "privilege-escalation")
        discover_attack_paths "$TARGET_ENVIRONMENT" "privilege-escalation"
        analyze_privilege_escalation
        ;;
    "lateral-movement")
        discover_attack_paths "$TARGET_ENVIRONMENT" "lateral-movement"
        analyze_lateral_movement
        ;;
    "data-exfiltration")
        discover_attack_paths "$TARGET_ENVIRONMENT" "data-exfiltration"
        analyze_data_exfiltration
        ;;
    "persistence")
        discover_attack_paths "$TARGET_ENVIRONMENT" "persistence"
        ;;
    "all")
        discover_attack_paths "$TARGET_ENVIRONMENT" "privilege-escalation"
        discover_attack_paths "$TARGET_ENVIRONMENT" "lateral-movement"
        discover_attack_paths "$TARGET_ENVIRONMENT" "data-exfiltration"
        discover_attack_paths "$TARGET_ENVIRONMENT" "persistence"
        analyze_privilege_escalation
        analyze_lateral_movement
        analyze_data_exfiltration
        ;;
    *)
        echo "[-] Unknown attack scenario: $ATTACK_SCENARIO"
        exit 1
        ;;
esac

# Generate reports and prioritize remediation
generate_attack_path_report
prioritize_remediation

echo "[+] Multi-cloud attack path discovery completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Open $OUTPUT_DIR/attack-paths-visualization.html for interactive analysis"

Surveillance continue de la sécurité en nuage

#!/bin/bash
# Continuous cloud security monitoring with Cloud Scout

MONITORING_CONFIG="config/monitoring.yaml"
LOG_DIR="monitoring_logs"
ALERT_WEBHOOK="$1"
CHECK_INTERVAL=3600  # 1 hour

if [ -z "$ALERT_WEBHOOK" ]; then
    echo "Usage: $0 <alert_webhook_url>"
    echo "Example: $0 'https://hooks.slack.com/services/...'"
    exit 1
fi

mkdir -p "$LOG_DIR"

# Function to perform security monitoring scan
perform_monitoring_scan() \\\\{
    local timestamp=$(date +%Y%m%d_%H%M%S)
    local scan_output="$LOG_DIR/scan_$timestamp.json"
    local baseline_file="$LOG_DIR/baseline.json"

    echo "[+] Performing security monitoring scan at $(date)"

    # Perform comprehensive scan
    python cloud_scout.py monitor-scan \
        --config "$MONITORING_CONFIG" \
        --output "$scan_output" \
        --include-all-providers \
        --deep-scan

    if [ $? -ne 0 ]; then
        echo "[-] Monitoring scan failed"
        return 1
    fi

    # Compare with baseline if it exists
    if [ -f "$baseline_file" ]; then
        echo "  [+] Comparing with baseline"

        local changes_file="$LOG_DIR/changes_$timestamp.json"
        python cloud_scout.py compare-scans \
            --baseline "$baseline_file" \
            --current "$scan_output" \
            --output "$changes_file"

        # Analyze changes for security implications
        analyze_security_changes "$changes_file" "$timestamp"
    else
        echo "  [+] Creating initial baseline"
        cp "$scan_output" "$baseline_file"
    fi

    # Update baseline if significant time has passed
    local baseline_age=$(stat -c %Y "$baseline_file" 2>/dev/null||echo 0)
    local current_time=$(date +%s)
    local age_hours=$(( (current_time - baseline_age) / 3600 ))

    if [ $age_hours -gt 168 ]; then  # 1 week
        echo "  [+] Updating baseline (age: $\\\\{age_hours\\\\} hours)"
        cp "$scan_output" "$baseline_file"
    fi

    return 0
\\\\}

# Function to analyze security changes
analyze_security_changes() \\\\{
    local changes_file="$1"
    local timestamp="$2"
    local analysis_file="$LOG_DIR/analysis_$timestamp.json"

    echo "  [+] Analyzing security changes"

    # Perform security impact analysis
    python cloud_scout.py analyze-security-changes \
        --input "$changes_file" \
        --risk-assessment \
        --attack-path-impact \
        --output "$analysis_file"

    # Check for high-risk changes
    local high_risk_count=$(python cloud_scout.py count-high-risk-changes \
        --input "$analysis_file" \
        --threshold 8)

    if [ "$high_risk_count" -gt 0 ]; then
        echo "  [!] High-risk changes detected: $high_risk_count"
        send_security_alert "HIGH_RISK_CHANGES" "$high_risk_count" "$analysis_file"
    fi

    # Check for new attack paths
    local new_attack_paths=$(python cloud_scout.py detect-new-attack-paths \
        --input "$analysis_file" \
        --output "$LOG_DIR/new_attack_paths_$timestamp.json")

    if [ "$new_attack_paths" -gt 0 ]; then
        echo "  [!] New attack paths detected: $new_attack_paths"
        send_security_alert "NEW_ATTACK_PATHS" "$new_attack_paths" "$LOG_DIR/new_attack_paths_$timestamp.json"
    fi

    # Check for compliance violations
    local compliance_violations=$(python cloud_scout.py check-compliance-violations \
        --input "$analysis_file" \
        --frameworks cis,nist \
        --output "$LOG_DIR/compliance_violations_$timestamp.json")

    if [ "$compliance_violations" -gt 0 ]; then
        echo "  [!] Compliance violations detected: $compliance_violations"
        send_security_alert "COMPLIANCE_VIOLATIONS" "$compliance_violations" "$LOG_DIR/compliance_violations_$timestamp.json"
    fi
\\\\}

# Function to send security alerts
send_security_alert() \\\\{
    local alert_type="$1"
    local count="$2"
    local details_file="$3"

    echo "[!] Sending security alert: $alert_type"

    # Create alert message
    local message="🚨 Cloud Security Alert: $alert_type detected ($count items) at $(date)"

    # Send to webhook
    if [ -n "$ALERT_WEBHOOK" ]; then
        curl -X POST -H 'Content-type: application/json' \
            --data "\\\\{\"text\":\"$message\"\\\\}" \
            "$ALERT_WEBHOOK" 2>/dev/null||echo "Webhook alert failed"
    fi

    # Send email if configured
    if [ -n "$ALERT_EMAIL" ]; then
        echo "$message"|mail -s "Cloud Security Alert: $alert_type" \
            -A "$details_file" "$ALERT_EMAIL" 2>/dev/null||echo "Email alert failed"
    fi

    # Log alert
    echo "$(date): $alert_type - $count items" >> "$LOG_DIR/alerts.log"
\\\\}

# Function to generate monitoring report
generate_monitoring_report() \\\\{
    echo "[+] Generating monitoring report"

    local report_file="$LOG_DIR/monitoring_report_$(date +%Y%m%d).html"

    # Collect recent scan data
    python cloud_scout.py generate-monitoring-report \
        --input-dir "$LOG_DIR" \
        --timeframe 24h \
        --output "$report_file" \
        --include-trends \
        --include-alerts

    echo "  [+] Monitoring report generated: $report_file"
\\\\}

# Function to cleanup old logs
cleanup_logs() \\\\{
    echo "[+] Cleaning up old monitoring logs"

    # Keep logs for 30 days
    find "$LOG_DIR" -name "scan_*.json" -mtime +30 -delete
    find "$LOG_DIR" -name "changes_*.json" -mtime +30 -delete
    find "$LOG_DIR" -name "analysis_*.json" -mtime +30 -delete

    # Keep reports for 90 days
    find "$LOG_DIR" -name "monitoring_report_*.html" -mtime +90 -delete
\\\\}

# Function to check system health
check_system_health() \\\\{
    echo "[+] Checking system health"

    # Check Cloud Scout installation
    if ! python -c "import cloud_scout" 2>/dev/null; then
        echo "[-] Cloud Scout not available"
        send_security_alert "SYSTEM_ERROR" "1" "/dev/null"
        return 1
    fi

    # Check cloud provider connectivity
    local connectivity_issues=0

    if ! python cloud_scout.py test-aws-connectivity 2>/dev/null; then
        echo "[-] AWS connectivity issues"
        connectivity_issues=$((connectivity_issues + 1))
    fi

    if ! python cloud_scout.py test-azure-connectivity 2>/dev/null; then
        echo "[-] Azure connectivity issues"
        connectivity_issues=$((connectivity_issues + 1))
    fi

    if ! python cloud_scout.py test-gcp-connectivity 2>/dev/null; then
        echo "[-] GCP connectivity issues"
        connectivity_issues=$((connectivity_issues + 1))
    fi

    if [ $connectivity_issues -gt 0 ]; then
        send_security_alert "CONNECTIVITY_ISSUES" "$connectivity_issues" "/dev/null"
    fi

    # Check disk space
    local disk_usage=$(df "$LOG_DIR"|awk 'NR==2 \\\\{print $5\\\\}'|sed 's/%//')
    if [ "$disk_usage" -gt 90 ]; then
        echo "[-] Disk space critical: $\\\\{disk_usage\\\\}%"
        send_security_alert "DISK_SPACE_CRITICAL" "$disk_usage" "/dev/null"
    fi

    return 0
\\\\}

# Main monitoring loop
echo "[+] Starting continuous cloud security monitoring"
echo "[+] Check interval: $((CHECK_INTERVAL / 60)) minutes"
echo "[+] Alert webhook: $ALERT_WEBHOOK"

while true; do
    echo "[+] Starting monitoring cycle at $(date)"

    # Check system health
    if check_system_health; then
        # Perform monitoring scan
        if perform_monitoring_scan; then
            echo "  [+] Monitoring scan completed successfully"
        else
            echo "  [-] Monitoring scan failed"
            send_security_alert "SCAN_FAILURE" "1" "/dev/null"
        fi
    fi

    # Generate daily report and cleanup
    if [ "$(date +%H)" = "06" ]; then  # 6 AM
        generate_monitoring_report
        cleanup_logs
    fi

    echo "[+] Monitoring cycle completed at $(date)"
    echo "[+] Next check in $((CHECK_INTERVAL / 60)) minutes"

    sleep "$CHECK_INTERVAL"
done

Intégration avec d'autres outils

SIEM Intégration

# Export Cloud Scout data to SIEM formats
python cloud_scout.py export-siem \
    --format splunk \
    --input scan-results.json \
    --output cloud-scout-events.json

# Send alerts to SIEM
python cloud_scout.py send-siem-alert \
    --siem-endpoint https://siem.company.com/api \
    --alert-data high-risk-findings.json

Intégration Terraform

# Generate Terraform remediation code
python cloud_scout.py generate-terraform \
    --input security-findings.json \
    --output remediation.tf

# Validate Terraform against Cloud Scout policies
python cloud_scout.py validate-terraform \
    --terraform-dir ./infrastructure \
    --policies config/security-policies.yaml

Intégration des pipelines CI/CD

# Cloud Scout in CI/CD pipeline
python cloud_scout.py pipeline-scan \
    --config config/pipeline.yaml \
    --fail-on-high-risk \
    --output pipeline-results.json

# Generate security gates
python cloud_scout.py generate-security-gates \
    --input pipeline-results.json \
    --output security-gates.yaml

Dépannage

Questions communes

Problèmes d'authentification

# Check AWS credentials
aws sts get-caller-identity

# Check Azure authentication
az account show

# Check GCP authentication
gcloud auth list

# Test Cloud Scout authentication
python cloud_scout.py test-auth --all-providers

Problèmes de performance

# Optimize scan performance
python cloud_scout.py optimize-scan \
    --max-threads 20 \
    --batch-size 100 \
    --timeout 300

# Monitor resource usage
python cloud_scout.py monitor-resources \
    --output resource-usage.log

Problèmes de collecte de données

# Debug data collection
python cloud_scout.py debug-collection \
    --provider aws \
    --region us-east-1 \
    --verbose

# Validate collected data
python cloud_scout.py validate-data \
    --input scan-results.json \
    --output validation-report.json

Ressources

• [Répertoire de GitHub du scoutisme du nuage] (LINK_7)
• [Sygnia Research] (LINK_7)
• [Pratiques exemplaires en matière de sécurité des nuages] (LINK_7)
• Documentation de sécurité du SSFE
• [Documentation de sécurité de l'Azure] (LINK_7)
• Documentation de sécurité du GCP
• [MITRE ATT&CK Nuage Matrix] (LINK_7)

---

*Cette feuille de triche fournit une référence complète pour l'utilisation de Cloud Scout pour la cartographie de sécurité du cloud et la visualisation du chemin d'attaque. Assurez-vous toujours d'avoir une autorisation appropriée avant de scanner les environnements nuageux. *