GoogleCloudPlatform / security-response-automation

Take automated actions against threats and vulnerabilities.
Apache License 2.0

Migrate firewallscanner to router #142

Closed daniel-cit closed 4 years ago

daniel-cit commented 4 years ago

Migration of

handling to router(open_firewall)

PagerDuty was also moved from settings.json to config.yaml

tomscript commented 4 years ago

Awesome ya +1 to split up. Thanks Daniel :)

On Wed, Dec 18, 2019, 4:18 PM daniel-cit notifications@github.com wrote:

@daniel-cit commented on this pull request.

In cloudfunctions/gce/openfirewall/openfirewall.go https://github.com/GoogleCloudPlatform/security-response-automation/pull/142#discussion_r359633422 :

  • PagerDuty struct {
  • Enabled bool
  • APIKey string
  • ServiceID string
  • From string
  • } }
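
Review bot: the `APIKey string` field in the added `PagerDuty` struct puts a credential inside `Values`, and the comment that follows says `Values` is what gets marshaled into the message the router sends to the openfirewall function over its topic. Anything that can read that topic or its logs would then see the key. Consider dropping `APIKey` (and the other channel settings) from `Values`, keeping only the name of the desired output there as `Output []string` already does, and letting the component that actually calls PagerDuty load the key from its own configuration.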

I based this on createsnapshot:

    type Values struct {
        DryRun    bool
        ProjectID string
        RuleName  string
        Instance  string
        Zone      string
        Output    []string

        Turbinia struct {
            ProjectID string
            Topic     string
            Zone      string
        }
    }

It needs to be in the values to be passed in the marshaled message from the router to the openfirewall CF in the CF topic.

But I agree that it should not know these details, it should just know what it wants to send, and the automation has all the information to choose the correct channel.

I will remove the PagerDuty part for now and in another PR create a POC for the output.
