├── .cfnlintrc ├── .editorconfig ├── .github └── dependabot.yml ├── .gitignore ├── .pre-commit-config.yaml ├── CODEOWNERS ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── doc ├── architecture.drawio └── architecture.png ├── events ├── guardduty_ec2_event.json ├── guardduty_iam_event.json └── guardduty_s3_event.json ├── pyproject.toml ├── requirements-dev.txt ├── src ├── quarantine │ ├── __init__.py │ ├── constants.py │ ├── lambda_handler.py │ ├── plugins │ │ ├── 01_console_screenshot.py │ │ ├── 02_capture_metadata.py │ │ ├── 03_termination_protection.py │ │ ├── 04_shutdown_behavior.py │ │ ├── 05_preserve_volumes.py │ │ ├── 06_tag_instance.py │ │ ├── 07_snapshot_volumes.py │ │ ├── 08_command_output.py │ │ ├── 09_detach_from_asg.py │ │ ├── 10_deregister_instance.py │ │ ├── 11_isolate_instance.py │ │ ├── __init__.py │ │ └── abstract_plugin.py │ ├── resources │ │ ├── __init__.py │ │ ├── autoscaling.py │ │ ├── ec2.py │ │ ├── elb.py │ │ ├── elbv2.py │ │ ├── s3.py │ │ ├── sns.py │ │ └── ssm.py │ ├── schemas.py │ └── utils.py └── requirements.txt └── template.yml /.cfnlintrc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/.cfnlintrc -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/.editorconfig -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @jplock 2 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/README.md -------------------------------------------------------------------------------- /doc/architecture.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/doc/architecture.drawio -------------------------------------------------------------------------------- /doc/architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/doc/architecture.png -------------------------------------------------------------------------------- /events/guardduty_ec2_event.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/events/guardduty_ec2_event.json -------------------------------------------------------------------------------- /events/guardduty_iam_event.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/events/guardduty_iam_event.json -------------------------------------------------------------------------------- /events/guardduty_s3_event.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/events/guardduty_s3_event.json -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/pyproject.toml -------------------------------------------------------------------------------- /requirements-dev.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/requirements-dev.txt -------------------------------------------------------------------------------- /src/quarantine/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/__init__.py -------------------------------------------------------------------------------- /src/quarantine/constants.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/constants.py -------------------------------------------------------------------------------- /src/quarantine/lambda_handler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/lambda_handler.py -------------------------------------------------------------------------------- /src/quarantine/plugins/01_console_screenshot.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/01_console_screenshot.py -------------------------------------------------------------------------------- /src/quarantine/plugins/02_capture_metadata.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/02_capture_metadata.py -------------------------------------------------------------------------------- /src/quarantine/plugins/03_termination_protection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/03_termination_protection.py -------------------------------------------------------------------------------- /src/quarantine/plugins/04_shutdown_behavior.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/04_shutdown_behavior.py -------------------------------------------------------------------------------- /src/quarantine/plugins/05_preserve_volumes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/05_preserve_volumes.py -------------------------------------------------------------------------------- /src/quarantine/plugins/06_tag_instance.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/06_tag_instance.py -------------------------------------------------------------------------------- /src/quarantine/plugins/07_snapshot_volumes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/07_snapshot_volumes.py -------------------------------------------------------------------------------- /src/quarantine/plugins/08_command_output.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/08_command_output.py -------------------------------------------------------------------------------- /src/quarantine/plugins/09_detach_from_asg.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/09_detach_from_asg.py -------------------------------------------------------------------------------- /src/quarantine/plugins/10_deregister_instance.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/10_deregister_instance.py -------------------------------------------------------------------------------- /src/quarantine/plugins/11_isolate_instance.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/11_isolate_instance.py -------------------------------------------------------------------------------- /src/quarantine/plugins/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/__init__.py -------------------------------------------------------------------------------- /src/quarantine/plugins/abstract_plugin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/plugins/abstract_plugin.py -------------------------------------------------------------------------------- /src/quarantine/resources/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/resources/__init__.py -------------------------------------------------------------------------------- /src/quarantine/resources/autoscaling.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/resources/autoscaling.py -------------------------------------------------------------------------------- /src/quarantine/resources/ec2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/resources/ec2.py -------------------------------------------------------------------------------- /src/quarantine/resources/elb.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/resources/elb.py -------------------------------------------------------------------------------- /src/quarantine/resources/elbv2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/resources/elbv2.py -------------------------------------------------------------------------------- /src/quarantine/resources/s3.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/resources/s3.py -------------------------------------------------------------------------------- /src/quarantine/resources/sns.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/resources/sns.py -------------------------------------------------------------------------------- /src/quarantine/resources/ssm.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/resources/ssm.py -------------------------------------------------------------------------------- /src/quarantine/schemas.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/schemas.py -------------------------------------------------------------------------------- /src/quarantine/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/src/quarantine/utils.py -------------------------------------------------------------------------------- /src/requirements.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /template.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/amazon-guardduty-automated-response-sample/HEAD/template.yml --------------------------------------------------------------------------------