google / cloud-forensics-utils

Python library to carry out DFIR analysis on the Cloud
Apache License 2.0
464 stars 88 forks

Add ability to remove a service account attachment #281

Closed ramo-j closed 3 years ago

ramo-j commented 3 years ago

From [1]:

Feature - Upon discovery of a compromise, an operator should be able to quickly remove service accounts attached to instances to prevent any API activity from a malicious actor with access.

Note that an instance must be stopped to be able to remove the account, so the instance is stopped first. An option to leave the instance in the stopped state, or to restart it, is provided.

[1] https://github.com/google/cloud-forensics-utils/issues/278
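
The sequence described above (stop the instance, remove the service account, optionally restart), as an added example that is not code from this PR or from libcloudforensics. It assumes a client shaped like the googleapiclient Compute v1 resource and that an empty email and scope list is the request that clears the attachment; `RecordingCompute` is a constructed fake so the block runs offline.

```python
# Added example, not the PR's code. `compute` is any object shaped like the
# googleapiclient Compute v1 resource; RecordingCompute is a constructed fake.
from types import SimpleNamespace

def _finish(compute, project, zone, op):
    """Block until a zone operation is DONE; raise if it reports an error."""
    while op.get('status') != 'DONE':
        op = compute.zoneOperations().wait(
            project=project, zone=zone, operation=op['name']).execute()
    if 'error' in op:
        raise RuntimeError(f"operation {op['name']} failed: {op['error']}")

def detach_service_account(compute, project, zone, instance, leave_stopped=False):
    """Stop, clear the service account, optionally restart; return old e-mails."""
    ref = dict(project=project, zone=zone, instance=instance)
    info = compute.instances().get(**ref).execute()
    was_running = info['status'] == 'RUNNING'
    if info['status'] != 'TERMINATED':  # the API reports a stopped VM as TERMINATED
        _finish(compute, project, zone, compute.instances().stop(**ref).execute())
    # Assumption: empty email and scopes is the request that clears the attachment.
    body = {'email': '', 'scopes': []}
    _finish(compute, project, zone,
            compute.instances().setServiceAccount(body=body, **ref).execute())
    if was_running and not leave_stopped:  # only restart what was running before
        _finish(compute, project, zone, compute.instances().start(**ref).execute())
    return [sa['email'] for sa in info.get('serviceAccounts', [])]

class RecordingCompute:
    """Constructed fake: records (method, kwargs) instead of calling the API."""
    def __init__(self, status, emails=()):
        self.calls = []
        self.info = {'status': status,
                     'serviceAccounts': [{'email': e} for e in emails]}

    def instances(self):
        return self
    zoneOperations = instances

    def __getattr__(self, method):  # any other name is treated as an API method
        def build(**kwargs):
            return SimpleNamespace(execute=lambda: self._reply(method, kwargs))
        return build

    def _reply(self, method, kwargs):
        self.calls.append((method, kwargs))
        if method == 'get':
            return self.info
        name = kwargs.get('operation', 'op-' + method)
        return {'name': name, 'status': 'DONE' if method == 'wait' else 'RUNNING'}
```

The returned e-mail list is worth writing to the incident record before the attachment is gone, since it names the identities whose API activity needs reviewing.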

codecov-io commented 3 years ago

Codecov Report

Merging #281 (2a91fa3) into master (e4448c6) will decrease coverage by 0.53%. The diff coverage is 66.27%.

@@            Coverage Diff             @@
##           master     #281      +/-   ##
==========================================
- Coverage   65.39%   64.85%   -0.54%     
==========================================
  Files          14       29      +15     
  Lines         968     2151    +1183     
==========================================
+ Hits          633     1395     +762     
- Misses        335      756     +421     
Flag Coverage Δ
nosetests 64.85% <66.27%> (-0.54%) :arrow_down:

Impacted Files Coverage Δ
...cloudforensics/providers/azure/internal/network.py 24.52% <24.52%> (ø)
libcloudforensics/providers/gcp/forensics.py 34.78% <28.28%> (-30.22%) :arrow_down:
libcloudforensics/providers/aws/internal/kms.py 40.00% <40.00%> (ø)
...ibcloudforensics/providers/gcp/internal/compute.py 51.01% <45.94%> (-11.34%) :arrow_down:
libcloudforensics/providers/aws/forensics.py 56.16% <53.06%> (-13.61%) :arrow_down:
...cs/providers/gcp/internal/compute_base_resource.py 37.33% <54.28%> (+0.82%) :arrow_up:
libcloudforensics/providers/aws/internal/log.py 73.07% <55.55%> (-4.20%) :arrow_down:
libcloudforensics/providers/gcp/internal/common.py 56.89% <57.44%> (+0.57%) :arrow_up:
...bcloudforensics/providers/gcp/internal/function.py 40.54% <62.50%> (+8.28%) :arrow_up:
...loudforensics/providers/azure/internal/resource.py 65.38% <65.38%> (ø)
... and 35 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 6e92335...2a91fa3.