Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jpcertcc/surfaceanalysis-on-cloud
Surface Analysis System on Cloud
https://github.com/jpcertcc/surfaceanalysis-on-cloud
aws malware-analysis terraform
Last synced: 1 day ago
JSON representation
Surface Analysis System on Cloud
- Host: GitHub
- URL: https://github.com/jpcertcc/surfaceanalysis-on-cloud
- Owner: JPCERTCC
- License: other
- Created: 2022-10-24T06:31:43.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-12-21T01:18:03.000Z (11 months ago)
- Last Synced: 2023-12-21T04:30:29.947Z (11 months ago)
- Topics: aws, malware-analysis, terraform
- Language: HCL
- Homepage:
- Size: 187 KB
- Stars: 18
- Watchers: 6
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Surface Analysis System on Cloud
This repository is a PoC for surface analysis of malware on AWS.
## Requirements Service
Get an account for the following services.
* AWS
* GitHub
* VirusTotal Private API Key
## How to Use
### Clone or Fork This Repository
```bash
$ git clone https://github.com/JPCERTCC/SurfaceAnalysis-on-Cloud.git
```
### Setup Configuration
#### variables.tf
```python
# Region to build the system
variable "region" {
default = "us-east-1"
}
# Docker image name
variable "image_name" {
default = "malware-analysis"
}
# Dockerfile directory
variable "docker_dir" {
default = "docker"
}
# Analysis script directory
variable "codecommit_dir" {
default = "analysis_script"
}
# Username to commit to Codecommit
variable "codecommit_username" {
default = "terraformer"
}
# E-mail to commit to Codecommit
variable "codecommit_email" {
default = "[email protected]"
}
# System name to build on AWS
variable "app_name" {
default = "malware-analysis"
}
# IP address to access API Gateway and S3
variable "trusted_ip" {
default = "192.168.1.1/32"
}
# Network address used by VPC
variable "cidr_block_vpc" {
default = "172.20.0.0/16"
}
# VirusToal Private API key
variable "vt_api_key" {
default = ""
}
# AWS access key
variable "aws_access_key_id" {
default = ""
}
# AWS secret access key
variable "aws_secret_access_key" {
default = ""
}
# twitter bearer token
variable "twitter_token" {
default = ""
}
# E-mail to notify the analysis status
variable "sns_email" {
default = ""
}
```
### Setup GitHub Actions
Set GitHub Actions secrets.
* AWS_ACCESS_KEY_ID
* AWS_SECRET_ACCESS_KEY
* AWS_ACCOUNT_NUMBER
* AWS_REGION
How to use GitHub Actions secrets. https://docs.github.com/en/actions/security-guides/encrypted-secrets
Finally, commit the repository to GitHub.