
[PFR] SyntheticSun V2

Open jonrau1 opened this issue 4 years ago • 0 comments

Story

As a user of SyntheticSun, I want to refactor a majority of the solution for ease of deployment and dynamic onboarding for logging sources.

Definition of Done

  • No more than 1 CFN template, if any at all
  • Dynamic creation of all WAF and GuardDuty components (Threat Intel Sets, WAF IP Sets)
  • Onboarding of FMS & baseline Policies
  • Buffer all logging with SQS
  • Dynamic onboarding of ALB and APIGW log sources
  • Add CloudFront & Route53 to Scope
  • New method to install Suricata on SSM-managed Instances
  • Updated Readme

Nice to Have

N/A

Additional Information

In the current form, SyntheticSun is little more than a POC; it was not meant for ease of deployment and relied too heavily on CFN. A majority of the CFN templates should be removed, and new scripts take their place; this goes for the build automation pieces especially, given that you would need to use a StackSet in most regions.

jonrau1 Oct 03 '20 22:10