PacBot (Policy as Code Bot)
Starting with Release 2.0, PacBot supports Multi Cloud Compliance (AWS & Azure). This enables us to see AWS & Azure Compliance in a single place.
PacBot still runs on AWS Infrastructure, but now has the capability to collect data from AWS & Azure. Users can see security-center/policy-compliance and custom policies in PacBot.
PacBot collects data for 25+ Azure Services, including computing, storage, databases, networking and Security Center services.
PacBot supports the following dashboards for visualizing Azure data
50+ Azure policies are now included with PacBot. Details of these policies can be found here.
PacBot utilizes Service Principals to enable Azure data collection. A Service Principal must be provisioned in each tenant to have read access to the services in subscriptions to be monitored.
To enable Azure Compliance in PacBot, configure the client ID and secret ID of the service principal in each tenant as follows:
https://github.com/tmobile/pacbot/issues/255 https://github.com/tmobile/pacbot/issues/252
The default job frequency for vulnerability management is changed to once per day. This limits the compute required to process the data multiple times in a day, as the data change frequency is low.
Organizations around the world use the Internet as an important global resource. However, connecting with the Internet leaves your company network exposed to many threats. It's time to bring your business up-to-date on the definition of good vulnerability management.
PacBot pulls data from Qualys and generates dashboards for the following vulnerability reports:
• Vulnerabilities Compliance trend
• Vulnerabilities Summary by Severity (S3/S4/S5)
• Average Aging By Severity
• Trend of Total And Compliant Assets
Details of new policy Autofixes can be found here.
Details of new policies can be found here.
The Vulnerability Management feature has been introduced as an optional service. Follow the steps below to enable it:
• Update the local.py file with the value 'True' for the ENABLE_VULNERABILITY_FEATURE setting.
• Update QUALYS_API_URL and QUALYS_INFO with the appropriate values.
• Run 'sudo python3 redeploy' to enable this feature if PacBot is already installed, or 'sudo python3 install' for a new installation.
https://github.com/tmobile/pacbot/issues/274
https://github.com/tmobile/pacbot/issues/276
https://github.com/tmobile/pacbot/issues/270
Users can modify the local.py settings file and add the required tags to the CUSTOM_RESOURCE_TAGS setting variable.
The Recommendations screen displays data from AWS Trusted Advisor for AWS assets in the areas of Cost Optimization, Performance, Security and Fault Tolerance.
The Health Notifications screen displays data from the AWS Personal Health Dashboard for AWS assets as well as Autofixes. These notifications can be specific to a single asset, to multiple assets or to the account overall. Autofix notification details show the timeline of the plan to address the discovered issue, from the first email sent when the issue is discovered to the application of the fix.
Ability to easily copy text such as asset IDs and policy IDs by clicking on the 'copy' icon wherever it appears.
In this release, we added the ability to install PacBot using instance roles. Users now have the option to install PacBot using the instance role from the location the installer runs, in addition to the previously existing access key and secret-based installations.
RDS database endpoints should not be publicly accessible.
Elasticsearch endpoint should not be open to the internet.
Security groups should not be in unused state.
Details of the available auto remediations can be found here.
Details on how to write an auto remediation can be found here.
Details of new policies can be found here.
Installation details for these new features can be found here.
https://github.com/tmobile/pacbot/issues/255 https://github.com/tmobile/pacbot/issues/252
Details of the available Autofixes can be found here.
Details of how to write Autofixes can be found here.
Details of the new policies can be found here.
https://github.com/tmobile/pacbot/issues/165
Thanks to @Braavos96 for https://github.com/tmobile/pacbot/pull/218
An ALB-terminated SSL option is now available and can be selected while installing PacBot.
An infrastructure upgrade option is now available with the upgrade command.
One button to stop all PacBot inventory collection and rule scans.
Details of new policies can be found here.
https://github.com/tmobile/pacbot/issues/179 https://github.com/tmobile/pacbot/issues/177 https://github.com/tmobile/pacbot/issues/171 https://github.com/tmobile/pacbot/issues/142
Thanks to @avinashKumar-11 and @sonawanesangram from T-Systems for b4bf2cb and 04388fb
Details of newly released policies can be found here.
Notification will allow users to send issue details in an email. Details are available here.
This will help reduce PacBot running cost.
This will help manage the configuration using the Admin console.
https://github.com/tmobile/pacbot/issues/138 https://github.com/tmobile/pacbot/issues/122 https://github.com/tmobile/pacbot/issues/117 https://github.com/tmobile/pacbot/issues/53 https://github.com/tmobile/pacbot/issues/17 https://github.com/tmobile/pacbot/issues/16
50+ new rules added. Details of newly released policies can be found here.
https://github.com/tmobile/pacbot/issues/75 https://github.com/tmobile/pacbot/issues/70 https://github.com/tmobile/pacbot/issues/55 https://github.com/tmobile/pacbot/issues/54 https://github.com/tmobile/pacbot/issues/37 https://github.com/tmobile/pacbot/issues/34 https://github.com/tmobile/pacbot/issues/31
PacBot release 1.0
Modules:
• Cloud Discovery
• Rule Engine
• Managed Rules
• Micro Services
• UI