ElectricEye v2.0

We are thrilled to share the news that version 2.0 of ElectricEye has been published.  You can check it out here: https://github.com/jonrau1/ElectricEye

Over the past couple of months, DisruptOps has been contributing to ElectricEye, an open source project created by Jonathan Rau.  Working with Jonathan, we set out to enhance ElectricEye in a few key ways:

  • Add additional auditors
  • Improve testability of the auditors
  • Simplify development by merging the core and govcloud auditors
  • Add additional outputs for running locally (csv, json, Security Hub, DisruptOps)

What is ElectricEye

I’m going to cheat and just steal from the project README:

ElectricEye is a set of Python scripts (affectionately called Auditors) that continuously monitor your AWS infrastructure looking for configurations related to confidentiality, integrity and availability that do not align with AWS best practices. All findings from these scans will be sent to AWS Security Hub where you can perform basic correlation against other AWS and 3rd Party services that send findings to Security Hub. Security Hub also provides a centralized view from which account owners and other responsible parties can view and take action on findings. ElectricEye supports both AWS commercial and GovCloud Regions.

Why contribute to ElectricEye

First and foremost, ElectricEye is a great project supporting our mission to help customers improve the security of their cloud infrastructure.  Primary to that objective is the need to know what problems exist.  ElectricEye has over 200 checks covering more than 30 services identifying many common and critical configuration errors that can pose significant risk to an organization. In this release, the DisruptOps team added 17 new checks, 8 new AWS services, and 9 new auditors, demonstrating how the project can be extended to support your specific needs.

Second, the integration with Security Hub is a great design.  There are a number of open source projects designed to accomplish a similar goal of assessing cloud infrastructure for security configuration issues, but what sets ElectricEye apart is the native integration with Security Hub as a findings provider.  (This may not come as a surprise when you realize Jonathan’s previous role was Technical Program Manager at AWS for Security Hub.)  Managing all the issues that are discovered by a cloud scanner like ElectricEye or any of the other tools is a challenge.  Exporting to spreadsheets or reports is valuable for a one-off assessment, but not great for continuous assessment or management of the findings.  Instead, ElectricEye runs on a schedule as an ECS task to continuously produce findings and send them to AWS Security Hub.  Then, Security Hub can be used to track and manage the lifecycle of all findings.

Ultimately, our goal at DisruptOps is to help you improve your cloud security – which means these findings need to get resolved.  We believe effective cloud security operations is key to that mission.  Discovering problems is the first step and ElectricEye is a great example of how to accomplish that.  Fixing those problems is the critical next step.  This means bridging the gap between security and development.  Routing alerts to the right teams.  Integrating with existing operations platforms.  Tracking the lifecycle of issues. And ultimately, fixing the problem.  Automation is key to this process and core to what we do.  By supporting ElectricEye and integrating with Security Hub and other assessment products, we can help you quickly move past discovery and onto the work of fixing those findings.

Quick note of thanks…

A special thanks to our summer interns, Austin and Patrick, for all their work on this project.  A great accomplishment to get this PR merged.  Congratulations!

And of course to Jonathan – you published a great project and we have enjoyed working with you on it.  Look forward to continuing the work with you.