Cloud Inquisitor improves the security posture of an AWS footprint through:
- monitoring AWS objects for ownership attribution, notifying account owners of unowned objects, and subsequently removing unowned AWS objects if ownership is not resolved.
- detecting domain hijacking.
- verifying security services such as CloudTrail and VPC Flow Logs.
- managing IAM policies across multiple accounts.
Typically Cloud Inquisitor runs in a “Security” or “Audit” account with cross-account access through the use of AssumeRole.
Cloud Inquisitor works on Python 3.5 or higher and Ubuntu 16.04.
- Production deployment is done through Packer.
- Development supports deployment via Docker or Packer.
Please see the Resources section below for further information.
By default, the front-end dashboard shows:
- EC2 Instances that are running or stopped and which instances have a public IP.
- Percentage of required tags compliance per account.
Below is a sample screenshot showing what the dashboard looks like:
On the left-hand side of the UI, you are able to directly examine raw data:
- EC2 Instances – shows all the EC2 Instance data that Cloud Inquisitor possesses, which should represent all EBS volumes in use in your AWS infrastructure
- EBS Volumes – shows all the EBS Volume data that Cloud Inquisitor possesses, which should represent all EBS volumes in use in your AWS infrastructure
- DNS – shows all the DNS data that Cloud Inquisitor possesses (shown below, the first screenshot)
- Search – this gives you the ability to search for instances across the Cloud Inquisitor database. The search page has help functionality within the page as shown below
On the left-hand side, there are a bunch of admin options such as:
- Audit Log
In the Accounts section, you can review the current accounts that Cloud Inquisitor is auditing and modify accordingly. For example, to add a new account, select the dialog button on the very bottom right-hand side of the screen and select the “+” as shown below:
and then you can create your new account on the following screen:
The Config section is quite detailed and this is where you can perform extensive configuration on:
- Authentication (Local/SAML)
- Notifications (Email/Slack)
Below is a sample screenshot showing what the config capabilities look like:
Copyright 2017 Riot Games