Commit
* [DC] GitHub Webhook via S3 (#270)
* [DC] Okta Connector Enhancement (#282)
* [DC] Azure Subscription Connector supports Gov cloud (#281)
* [Handlers] SES, SNS, Twilio, Stored Procedure, SMTP (#284)
* [DC] Crowdstrike devices via API (#279)
* [DC] Add Crowdstrike API Connector
* [DC] Crowdstrike Static Analysis (#287)
* [DC] Cisco Umbrella Connector (#280)
1 parent 60edab7, commit ff8176e
Showing 23 changed files with 1,414 additions and 185 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -14,3 +14,4 @@ src/**/lib/ | |
venv | ||
*.db | ||
*.egg-info | ||
.vscode |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
## Getting GitHub Webhooks into S3 | ||
|
||
GitHub allows Organization or Repository admins to set up webhooks for delivery to endpoints. [Webhooks](https://developer.github.com/v3/activity/events/types/) can be | ||
triggered when | ||
|
||
- a new commit is pushed, | ||
- a branch is deleted, | ||
- a deploy key is added/removed from a repository, | ||
- a new download is created in GitHub, | ||
- GitHub package vulnerability alerts, or | ||
- [many others](https://developer.github.com/v3/activity/events/types/) | ||
|
||
SnowAlert does not yet natively support webhooks, or any other internet-facing infrastructure. Thus, a separate | ||
component is necessary to collect GitHub webhooks to S3 before using this connector to Snowflake. One way to | ||
accomplish this is to use the [below archiver](https://github.com/chanzuckerberg/cztack/tree/master/github-webhooks-to-s3#github-webhooks-to-s3) to send webhooks to an AWS API Gateway which invokes an AWS Lambda. | ||
After the Lambda processes the request, it is then sent to AWS Firehose to be formatted and put into S3. | ||
|
||
```hcl | ||
module "archiver" { | ||
source = "github.com/chanzuckerberg/cztack//aws-acm-certgithub-webhooks-to-s3?ref=v0.19.0" | ||
env = "${var.env}" | ||
project = "${var.project}" | ||
owner = "${var.owner}" | ||
service = "${var.component}" | ||
fqdn = "..." | ||
certificate_arn = "..." | ||
route53_zone_id = "..." | ||
} | ||
``` | ||
|
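Review bot: the module `source` in the hcl block reads `github.com/chanzuckerberg/cztack//aws-acm-certgithub-webhooks-to-s3?ref=v0.19.0`, which looks like two module names pasted together. The link in the paragraph above it points at `github-webhooks-to-s3`, so the path after `//` should presumably be just that; please confirm against the cztack repository and correct it, since a reader copying this block will get a module that fails to resolve. The link text "below archiver" would be clearer as the module name. Because this setup puts an internet-facing API Gateway in front of the pipeline, the README should also state whether a webhook secret is configured on the GitHub side and where the delivery is validated; none of the module arguments shown (`fqdn`, `certificate_arn`, `route53_zone_id`) covers that. Minor: in the trigger list, "GitHub package vulnerability alerts" does not follow the "a ... is ..." form of the other items.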
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
## Okta Connector | ||
|
||
|
||
### Enhancing Okta Connector | ||
|
||
In the v1.8.5 Okta DC, we ingest not only log data from Okta, but also User and Group information. This new information is collected to separate tables which are created by the Okta DC at time of setup. | ||
|
||
If you'd like to manually create these tables for an existing connection, you can do so with SQL like the following. Note that you may need to replace 'default' with the custom identifier for your Okta connection. | ||
|
||
~~~ | ||
USE ROLE snowalert; | ||
SHOW TABLES LIKE 'okta_default_connection' IN DATA; --This gets you the comment for the table, which you will need later in this script. | ||
CREATE TABLE data.okta_default_users_connection (v VARIANT, event_time TIMESTAMP_LTZ); | ||
ALTER TABLE data.okta_default_users_connection SET COMMENT=' | ||
<the comment from your data.okta_default_connection table | ||
' | ||
CREATE TABLE data.okta_default_groups_connection (v VARIANT, event_time TIMESTAMP_LTZ); | ||
ALTER TABLE data.okta_default_groups_connection SET COMMENT=' | ||
<the comment from your data.okta_default_connection table | ||
' | ||
~~~ | ||
|
||
## Azure Subscription Connector | ||
|
||
### Supporting Gov Cloud | ||
|
||
In the v1.8.5 Azure Subscription DC, we support both commercial and governemnt cloud. This support is enabled with an extra connection option (cloud_type: reg for commercial, cloud_type: gov for government) that must be added to your connection table, like so. | ||
|
||
~~~ | ||
USE ROLE snowalert; | ||
SHOW TABLES LIKE 'azure_subscription%' IN DATA; --This gets you the comment for the table. | ||
ALTER TABLE data.azure_subscription_default_connection SET COMMENT=' | ||
--- | ||
module: azure_subscription | ||
cloud_type: reg | ||
client_id: <CLIENT_ID> | ||
tenant_id: <TENANT_ID> | ||
client_secret: <CLIENT_SECRET> | ||
'; | ||
ALTER TABLE data.azure_subscription_default_gov_connection SET COMMENT=' | ||
--- | ||
module: azure_subscription | ||
cloud_type: gov | ||
client_id: <CLIENT_ID> | ||
tenant_id: <TENANT_ID> | ||
client_secret: <CLIENT_SECRET> | ||
'; | ||
~~~ |
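Review bot: the Okta SQL block will not run as a script, because both `ALTER TABLE ... SET COMMENT='` statements close the string with `'` but have no terminating `;`, so the following `CREATE TABLE` is parsed as part of the same statement. Add `;` after each closing quote, as the Azure block already does with `';`. The placeholder `<the comment from your data.okta_default_connection table` is also missing its closing `>`. In the Azure section, "governemnt" should be "government", and "like so." would read better ending in a colon before the block. The Azure example sets the whole table comment, including `client_secret`, so the text should tell readers to start from the existing comment returned by `SHOW TABLES` and only add the `cloud_type` line, and it is worth noting that the secret is readable by any role that can see that comment. Finally, the second statement targets `data.azure_subscription_default_gov_connection`; say explicitly that this is a separate connection table for the government tenant, and mention that 'default' may need replacing here as the Okta section does.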