Project Description
This repo contains the code for the Illumio Security Hub connector, which allows customers to convert Illumio events into AWS Security Hub findings while enriching them with Illumio labels and EC2 metadata.
Project Technology stack
The Security Hub connector is written in Python 3.6 and can run in a Python 3.6 virtual environment.
Project workflow
The requirements for this project are recorded in the requirements.txt file and need to be installed as explained in the Installation section below.
- Create a virtual environment with python 3.6 on a Linux machine in AWS. You can use the following link to do so: https://janikarhunen.fi/how-to-install-python-3-6-1-on-centos-7
- Once the virtual environment is set up, install the requirements for the package using the following command in the virtual environment:
pip3 install -r requirements.txt
- Clone this repository using the following command:
git clone https://github.com/illumiolabs/illumio-security-hub-connector.git
- Set up the environment variables with the Illumio PCE API configuration information using the following commands:
export ILO_API_VERSION=2
# Replace PCE-URL with the PCE hostname in your deployment without the https
export ILLUMIO_SERVER=PCE-URL:8443
export ILO_API_KEY_ID=API-KEY-ID
export ILO_ORG_ID=1
export ILO_PORT=8443
export ILO_API_KEY_SECRET=API-KEY-SECRET
- The API Key mentioned above can be obtained from the Illumio PCE.
- Also, verify that the above environment variables are visible when the following command is run on the machine, inside the virtual environment:
env
- Once the environment variables are set, make sure that no other credentials exist in the $HOME/.illumio directory.
- Run the following command to start the Illumio security hub connector:
cd illumio-security-hub-connector/src; sh run.sh
- The service logs to the illumio-security-hub-connector/src/app.log file.
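The environment and credential checks from the steps above can be scripted so that they report variable names only, which keeps the API key secret out of the terminal (a plain `env` prints it). This is an added example, not part of the connector's code; the function names are hypothetical, and the variable names and placeholder strings are the ones shown in the setup step.

```shell
#!/bin/sh
# Added example, not part of the connector. Function names are hypothetical;
# variable names and placeholder strings are the ones from the setup step.

# Print names (never values) of variables that are unset, empty, or still
# hold a README placeholder.
missing_vars() {
    for name in ILO_API_VERSION ILLUMIO_SERVER ILO_API_KEY_ID \
                ILO_ORG_ID ILO_PORT ILO_API_KEY_SECRET; do
        eval "value=\${$name:-}"
        case "$value" in
            ''|PCE-URL*|API-KEY-ID|API-KEY-SECRET) printf '%s\n' "$name" ;;
        esac
    done
}

# ILLUMIO_SERVER must not carry a URL scheme such as https://.
server_ok() {
    case "${ILLUMIO_SERVER:-}" in
        *://*) return 1 ;;
    esac
    return 0
}

# List entries in the credentials directory (default: $HOME/.illumio).
stray_credentials() {
    dir="${1:-$HOME/.illumio}"
    [ -d "$dir" ] || return 0
    ls -A "$dir"
}

# Return 0 only when every check passes; diagnostics go to stderr.
preflight() {
    status=0
    bad=$(missing_vars)
    if [ -n "$bad" ]; then
        echo "unset or placeholder:" $bad >&2
        status=1
    fi
    if ! server_ok; then
        echo "ILLUMIO_SERVER must not include a scheme" >&2
        status=1
    fi
    stray=$(stray_credentials "${1:-}")
    if [ -n "$stray" ]; then
        echo "other credentials present:" $stray >&2
        status=1
    fi
    return "$status"
}
```

Source the file in the shell where the variables were exported and run `preflight && sh run.sh` from illumio-security-hub-connector/src.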
The AWS Security Hub integration code and Lambda Function for custom action is released and distributed as open source software subject to the LICENSE. Illumio has no obligation or responsibility related to the AWS Lambda Function with respect to support, maintenance, availability, security or otherwise. Please read the entire LICENSE for additional information regarding the permissions and limitations. You can engage with the author & contributors team and community on SLACK.
If you have questions, please ask them on Slack. If you have issues, bug reports, etc., please file an issue in this repository's Issue Tracker.
Instructions on how to contribute: CONTRIBUTING.
- Screencast demonstrating the project https://labs.illumio.com/dynamically-mitigate-potential-attacks-on-your-aws-environment
- Illumio documentation page for configuring Illumio ASP https://support.illumio.com/public/documentation/index.html