Prowler Integration
The CyberCyte portal can integrate with Gophish for further analysis and investigations. To integrate, please follow these steps:
Navigate to "MSSP" -> "SUPERORG Management"; this automatically triggers the background job.
Log in to the Linux server to deploy the cloud scanner component. Please use SFTP to upload the component to the server (CyberCyte will provide the scanner component). Execute the commands below on the Linux server:
chmod +x /tmp/CyberCyteCloudExposureScanner-<version>
mv /tmp/CyberCyteCloudExposureScanner-<version> /tmp/CyberCyteCloudExposureScanner
/tmp/CyberCyteCloudExposureScanner --setup
These commands are for the initial deployment. For an upgrade, please execute these commands:
chmod +x /tmp/CyberCyteCloudExposureScanner-<version>
mv /tmp/CyberCyteCloudExposureScanner-<version> /tmp/CyberCyteCloudExposureScanner
/tmp/CyberCyteCloudExposureScanner --update
After the initial setup, please configure settings.json with the values below:
{
"concurrent_orgs": 5, -> How many orgs can be handled at the same time
"endpoint_url": "
" -> The portal address
}
After the configuration, start the service with the command below:
./CyberCyteCloudExposureScanner --install-service
After the service starts, it should appear under “/#/console/cloud_exposure_scanner_settings”.
To create a credential for AWS or Azure Cloud services used in the infrastructure, we need to follow the steps below:
Log in to the Azure portal, navigate to “App Registrations” and create an app with “Single Tenant” and no URL.
On the created app, configure the API permissions by permitting the values below:
Directory.Read.All
Policy.Read.All
UserAuthenticationMethod.Read.All (optional, for MFA checks)
Save and grant the permissions.
Navigate to “Certificates & Secrets” and click “Add Client Secret” inside the app. This action creates a new secret. The “Value” is the client secret, and the “Overview” section shows the “Tenant ID” and “Subscription ID”. Save these values; we will use them in the next steps.
Take a role from Prowler’s official repository and save it as a JSON file:
Configure the JSON file's values like this:
"assignableScopes": [
"/subscriptions/<SUBSCRIPTION ID>"
],
After configuration, navigate to the Azure portal again. Under “Subscription” → “IAM”, click the “+Add” button and save the .json file as a custom role. After adding the custom role, click “+ Add Role Assignment” and assign this role as an application member.
Go back to the CyberCyte portal and create a credential, selecting “Graph API”.
To create a policy, select “Scenario/Discovery/Integration” -> “Cloud Configuration”. Select the credential; the group assignment is not important.
We can observe the results under the “Security Assurance”: “/#/security_assurance/cloud_configuration_management/security_controls_prowler_results”
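A pre-upload check for the Azure custom role JSON file prepared in the steps above. This is an added example, not CyberCyte or Prowler code. It flags a leftover <SUBSCRIPTION ID> placeholder, a scope broader than one subscription, and actions that grant more than read access. The function name, the list of suffixes treated as too broad, and the sample role are assumptions constructed for illustration.

```python
import json
import re

# Azure subscription scope: /subscriptions/<GUID>, optionally one resource group.
SCOPE_RE = re.compile(
    r"^/subscriptions/[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
    r"(/resourceGroups/[^/]+)?$"
)
# Assumed policy: a scanning role should not need these action suffixes.
TOO_BROAD = ("/write", "/delete", "/*")


def check_role(role_json):
    """Return a list of findings for a custom role file; empty means OK."""
    role = json.loads(role_json)
    # Portal exports nest fields under "properties"; accept a flat layout too.
    props = role.get("properties", role)
    findings = []

    scopes = props.get("assignableScopes") or []
    if not scopes:
        findings.append("assignableScopes is missing or empty")
    for scope in scopes:
        if "<" in scope or ">" in scope:
            findings.append(f"placeholder left in scope: {scope}")
        elif not SCOPE_RE.match(scope):
            findings.append(f"scope is not a single subscription: {scope}")

    for perm in props.get("permissions", []):
        for key in ("actions", "dataActions"):
            for action in perm.get(key, []):
                if action == "*" or action.lower().endswith(TOO_BROAD):
                    findings.append(f"{key} grants more than read access: {action}")
    return findings


# Constructed sample, not Prowler's role: placeholder scope plus one write action.
SAMPLE = json.dumps({"properties": {
    "roleName": "example-scanner-role",
    "assignableScopes": ["/subscriptions/<SUBSCRIPTION ID>"],
    "permissions": [{
        "actions": ["Microsoft.Storage/storageAccounts/read",
                    "Microsoft.Storage/storageAccounts/write"],
        "notActions": [], "dataActions": [], "notDataActions": [],
    }],
}})

if __name__ == "__main__":
    for finding in check_role(SAMPLE):
        print("FINDING:", finding)
```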
Please log in to the AWS portal and navigate to “IAM” → “My Security Credentials”. Under “Access Keys”, create an access key and secret key, then take these values to the CyberCyte portal.