Skip to content
/ splunk-cloud-assets Public

Splunk-compatible input scripts to collect asset information from Aliyun, AWS, Cloudflare

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

spacepatcher/splunk-cloud-assets

BranchesTags

Repository files navigation

Python 3.9.9

splunk-cloud-assets

About

This repository contains Splunk input scripts to collect assets from cloud providers:

  • Aliyun
  • AWS (only Amazon Route 53)
  • Cloudflare

I focus on gathering information about assets that are accessable from Internet. Аny information about vulnerabilities interests me as well.

Cloud API

List of API functions used to collect data from cloud providers.

Aliyun:

  • DescribeCloudCenterInstances
  • DescribeGroupedContainerInstances
  • DescribeDomainList
  • DescribeDomainDetail
  • DescribeExposedInstanceList
  • DescribeAllEntity
  • DescribeVulList

AWS (only Amazon Route 53):

  • ListHostedZones
  • ListResourceRecordSets

Cloudflare:

  • ListZones
  • ListDNSRecords

Usage

As already mentioned, the scripts are designed primarily as Splunk data inputs.

Bash wrappers are used to activate Python environment and pass parameters to the startup. Wrappers with parameters are set in Splunk when creating a new local script input.

But nothing prevents you from using scripts separately from Splunk.

Init

Replace these lines in Python scripts with secrets for accessing cloud accounts:

  • <ALI_ID>
  • <ALI_SECRET>
  • <AWS_ID>
  • <AWS_KEY>
  • <CF_EMAIL>
  • <CF_TOKEN>

About

Splunk-compatible input scripts to collect asset information from Aliyun, AWS, Cloudflare

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages