SecurityTrails Blog

Threat Detection: Using Cisco's SecureX with the SecurityTrails Module


Note: The audio version doesn't include code or commands. Those parts of the post can be seen in the text version.
Are you a Cisco SecureX user? Conducting cyber threat intelligence campaigns? Now you can integrate the SecurityTrails API into your existing SecureX dashboards by using a serverless relay running on Amazon's Lambda infrastructure.
Cisco SecureX is a cloud-native platform that connects your security infrastructure into one unified dashboard and increases visibility. Through a series of available automated workflows, it lets you maximize operational efficiency while shortening threat response times.
Using the Cisco SecureX platform together with the SecurityTrails API module will strengthen your infosec efforts by taking your cyber threat intelligence work to the next level.
Securitytrails integration how-to
Today we're addressing the module's installation and configuration so you can get it ready to go.
The idea behind this setup is to run a serverless instance on Amazon's Lambda platform. This allows information to be exchanged between our service and Cisco's without installing dedicated infrastructure that adds a fixed cost to your Opex.
Getting the code
First off, you can find all of the code plus the documentation in Cisco Security's GitHub repository, located here. The complete environment configuration involves plenty of steps and can be tricky, but we'll do our best to make it as simple and self-explanatory as possible.
To begin configuring, you'll need to clone all the code. Start by running the git clone command, then enter the newly created folder as shown:
In this folder, you'll find all the necessary files and folders to upload the relay into Lambda.
You must verify the Zappa configuration by checking the zappa_settings.json file included in the cloned folder:
Amazon Web Services configuration
Configuring AWS can be a difficult task in itself, so we'll explain every step to help you get this relay to work:
Configure a new user on IAM (Identity and Access Management).
Retrieve user credentials and place them in your OS's environment for Zappa to use them.
Configure the deployment policy for the serverless user to create the whole environment.
Configure the execution policy for the serverless user to run the relay.
Now let's get into specifics.
User setup
Getting this deployment to work properly requires an existing user with a specific role and a set of policies that constrain what this application can and cannot do.
This is done by following the steps below:
Open your AWS console in
Choose your desired application region (in this example we'll use US-East-1).
Open IAM by clicking Services, then History, then IAM in the top menu at the left of the screen.
Click Access Management, then Users in the left-hand menu.
Click on Add User as shown in the image below.
For this deployment, the documentation recommends naming the user **serverless** and leaving the **Programmatic access** checkbox checked.
Click the **Next: Permissions** button followed by **Next: Review**, and once this is done you're ready to hit the **Create user** button to finish. Along with the success message, you may get an additional **no permissions** warning; this is expected and will be resolved in the policy steps that follow.
To finalize, you need to download the credentials file as shown above. By clicking the **Download .csv** button you'll receive a pair of keys that need to be placed in your local configuration files, as stated in the documentation:
"Once the user is created and the credentials are downloaded, the best way to store that data is to put it into your AWS credentials file usually located on **~/.aws/credentials** (Linux and Mac) or **%USERPROFILE%\.aws\credentials** (Windows).
Each profile can also specify different AWS regions and output formats in the AWS config file us...
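The credentials-file step above is easy to get subtly wrong (a malformed profile, or a key file readable by every local account), so here is an added example, not code from the post or from the SecureX relay repository, that installs the keys from the downloaded .csv into the **serverless** profile with owner-only permissions and checks that the `profile_name` used in zappa_settings.json actually has credentials. The sample CSV, the key values and the Zappa fragment are constructed placeholders.

```python
# Added example: install IAM keys into the 'serverless' profile and check Zappa.
import configparser
import csv
import io
import json
import os
from pathlib import Path

# Constructed sample of the CSV that IAM offers after creating a programmatic user.
SAMPLE_CSV = (
    "Access key ID,Secret access key\n"
    "AKIAPLACEHOLDER000000,PLACEHOLDER/secret/key/value/0000000000\n")
# Constructed zappa_settings.json fragment ('profile_name' and 'aws_region' are standard Zappa keys).
SAMPLE_ZAPPA = json.dumps({"dev": {"profile_name": "serverless", "aws_region": "us-east-1"}})

def parse_iam_csv(csv_text: str) -> tuple:
    """Return (access_key_id, secret_access_key) from the IAM export. Columns are
    found by header name because console-enabled users get extra columns."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    if len(rows) != 1:
        raise ValueError("expected exactly one credential row")
    return rows[0]["Access key ID"].strip(), rows[0]["Secret access key"].strip()

def merge_profile(existing: str, profile: str, key_id: str, secret: str) -> str:
    """Add or replace [profile] in a credentials file body, keeping other profiles."""
    cfg = configparser.ConfigParser()
    cfg.read_string(existing)
    if not cfg.has_section(profile):
        cfg.add_section(profile)
    cfg[profile]["aws_access_key_id"] = key_id
    cfg[profile]["aws_secret_access_key"] = secret
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue()

def write_credentials(path: Path, body: str) -> None:
    """Write the file owner-readable only (0600), as the AWS CLI expects,
    so other local accounts cannot read the long-lived keys."""
    path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    os.chmod(path, 0o600)  # also tightens a pre-existing file with loose permissions

def zappa_profiles_present(zappa_settings: str, credentials: str) -> bool:
    """True when every stage's profile_name (assumed 'default' if unset) has keys."""
    cfg = configparser.ConfigParser()
    cfg.read_string(credentials)
    return all(cfg.has_section(stage.get("profile_name", "default"))
               for stage in json.loads(zappa_settings).values())
```

Typical use is `write_credentials(Path.home() / ".aws" / "credentials", merge_profile(existing_text, "serverless", *parse_iam_csv(csv_text)))`; on Windows the path is the `%USERPROFILE%\.aws\credentials` location the documentation names, where the POSIX mode bits are a no-op.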