3.3.23-4 • Published 2 years ago

activity-bot v3.3.23-4

Weekly downloads: -
License: ISC
Repository: github
Last release: 2 years ago

Steps to capture RTM events for integration test

Setup Real-time Monitoring

  1. Prepare your AWS account:

    a. Set up CloudTrail

    • Go to Trails > Create Trail (leave settings as default).
    • Under Storage location, create a new S3 bucket.

    b. Go to IAM > Roles > CloudConformity (under Role name) > Trust relationships (tab) > Edit trust relationship.

    • Duplicate an existing object in the Statement array and insert your new Cloud Conformity Account Id from step 4b in the next section:
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::[your existing Cloud Conformity Account Id]:root"
			},
			"Action": "sts:AssumeRole",
			"Condition": {
				"StringEquals": {
					"sts:ExternalId": "obfuscated"
				}
			}
		},
		{
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::[your new Cloud Conformity Account Id]:root"
			},
			"Action": "sts:AssumeRole",
			"Condition": {
				"StringEquals": {
					"sts:ExternalId": "obfuscated"
				}
			}
		}
	]
}
  2. Set up CloudTrail

    a. Go to Trails > Create Trail (leave settings as default).

    b. Choose the S3 bucket you set up previously.

Setup in the Cloud Conformity development platform:

  1. Set up a new account at wdevelopement.cloudconformity.com. You can use your company email if it is not already registered. You can register another account in the format “your.name+whatevermeaningful@cloudconformity.com”.
  2. Verify your registration with an email sent to your main company email account.
  3. You should now be logged in to https://wdevelopment.cloudconformity.com/sign-in.html.
  4. Add a test account.

    a. In authentication type, choose “Manual setup”.

    b. Copy the Cloud Conformity Account ID and paste it as required in step 1c in the section above.

    c. Paste the ARN from AWS.

  5. Choose the account from the left panel, then go to “Settings” in the top right corner.

  6. In the “Jump to” list, select “Real-time monitoring settings”.
  7. Go to “Update real-time settings” in the top left corner.
  8. Click the link at the bottom, “Read our how-to guide”, about setting up real-time monitoring.
  9. Follow the steps in the guide.
  10. On a computer that has the AWS CLI set up and authenticated, run the bash or PowerShell script (depending on your OS) from “Real-time Monitoring Settings”.

Capturing the event

  1. Create an event in your AWS account. A simple one to test with is creating a new S3 bucket.
  2. Go to the CC dashboard > Open monitoring dashboard. You should now see an event for the S3 bucket you have just created.
  3. Log in to Cloud Conformity Applications > Amazon Web Services > Select a role for the platform that you are working on > Lambda > select the Lambda function that you need (e.g. activity-bot-v1-resourceChecker) > Monitoring > Check the logs in "Recent Invocations".
  4. Find the relevant log and look for an event.

    Example:

    2019-07-19T02:01:24.273Z	ed518f8f-e696-4011-a41c-dbad8e5ce302	[INFO] Received event: { "accountId":

    In the contents you should find the event that you need:

    Example:

    {
    	"accountId": "vky0rGiDO",
    	"resource": {
    		"descriptorType": "s3-bucket",
    		"service": "S3",
    		"resourceId": "my-test-s3-bucket546",
    		"region": "global",
    		"ccrn": "ccrn:aws:vky0rGiDO:S3:global:my-test-s3-bucket546"
    	},
    	"id": "TgWKhD3IoUoT_zmTFZT",
    	"identity": "AWS System",
    	"time": 1563501652000
    }
  5. Copy the event and paste it in the 'event' variable of your integration test.

  6. Your test should now run.
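
One way to check a copied event before pasting it in step 5, as an added example (not code from the activity-bot project): it extracts the payload after "Received event:" from a log line and verifies that the ccrn agrees with the other fields. The function name extractRtmEvent is hypothetical, the sample line is constructed from the excerpts above, and the ccrn layout is inferred from that single example.

```javascript
// Added example: pull the "Received event" payload out of a Lambda log line
// and sanity-check it before using it as an integration-test fixture.

// Constructed sample: the log prefix and event body shown in the steps above,
// joined into one complete tab-separated line.
const SAMPLE_LOG_LINE =
  '2019-07-19T02:01:24.273Z\ted518f8f-e696-4011-a41c-dbad8e5ce302\t[INFO] Received event: ' +
  JSON.stringify({
    accountId: 'vky0rGiDO',
    resource: {
      descriptorType: 's3-bucket',
      service: 'S3',
      resourceId: 'my-test-s3-bucket546',
      region: 'global',
      ccrn: 'ccrn:aws:vky0rGiDO:S3:global:my-test-s3-bucket546',
    },
    id: 'TgWKhD3IoUoT_zmTFZT',
    identity: 'AWS System',
    time: 1563501652000,
  });

const MARKER = 'Received event:';

// Hypothetical helper: returns the parsed event or throws with a reason.
function extractRtmEvent(logLine) {
  const at = logLine.indexOf(MARKER);
  if (at === -1) throw new Error('no "Received event:" marker in log line');
  const raw = logLine.slice(at + MARKER.length).trim();
  let event;
  try {
    event = JSON.parse(raw);
  } catch (err) {
    // A partial copy (like the cut-off log line shown above) must not become a fixture.
    throw new Error('event JSON is truncated or malformed: ' + err.message);
  }
  const r = event.resource || {};
  for (const [name, value] of Object.entries({
    accountId: event.accountId, id: event.id, time: event.time,
    service: r.service, region: r.region, resourceId: r.resourceId, ccrn: r.ccrn,
  })) {
    if (value === undefined || value === '') throw new Error('missing field: ' + name);
  }
  // Assumption: ccrn layout inferred from the single example on this page.
  const expected = ['ccrn', 'aws', event.accountId, r.service, r.region, r.resourceId].join(':');
  if (r.ccrn !== expected) throw new Error(`ccrn mismatch: ${r.ccrn} != ${expected}`);
  return event;
}
```

A mismatch between accountId and the ccrn usually means the event was captured from a different account than the one the test targets.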

Further Reading / Useful Links

Real-Time Threat Monitoring

List of Real-Time threat monitoring checks

How to setup Cloud Conformity Real-time threat monitoring?