A Python module for orchestrating content acquisitions and light analysis via Amazon SSM.
Project description
ssm-acquire
A Python module for orchestrating content acquisitions and analysis via Amazon SSM. Note: this is a pre-release.
Free software: MPL 2.0 License
Features
Acquire memory from a linux instance to an S3 bucket using SSM.
Interrogate an instance for top-10 IOCs using OSQuery and save the output as JSON.
Analyze a memory sample on a machine using docker.
Create a rekall profile, using an instance running the Amazon SSM Agent as the build target.
Usage
Sample CLI Usage
pip install ssm_acquire

Usage: ssm_acquire [OPTIONS]

  ssm_acquire a rapid evidence preservation tool for Amazon EC2.

Options:
  --instance_id TEXT  The instance you would like to operate on.
  --region TEXT       The aws region where the instance can be found.
  --build             Specify if you would like to build a rekall profile with this capture.
  --acquire           Use linpmem to acquire a memory sample from the system in question.
  --interrogate       Use OSQuery binary to preserve top 10 type queries for rapid forensics.
  --analyze           Use docker and rekall to autoanalyze the memory capture.
  --deploy            Create a lambda function with a handler to take events from AWS GuardDuty.
  --help              Show this message and exit.
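As an added example (not ssm_acquire's own code), this shows the SSM orchestration pattern the --acquire and --interrogate options build on: send a command to an instance with the AWS-RunShellScript document, poll the invocation until it reaches a terminal status, and parse osquery's JSON output. The FakeSSM client and SAMPLE_ROWS are constructed so it runs offline; a real boto3 SSM client (boto3.client("ssm", region_name=...)) can be passed in its place, assuming the instance runs the SSM Agent with an instance profile that permits it.

```python
import json
import shlex
import time

# Terminal statuses returned by SSM GetCommandInvocation.
TERMINAL = {"Success", "Cancelled", "TimedOut", "Failed"}


def run_ssm_command(ssm, instance_id, commands, timeout_s=60, poll_s=0.0):
    """Run shell commands on one instance via AWS-RunShellScript; return (status, stdout)."""
    # `ssm` is any object with send_command/get_command_invocation: a boto3 SSM client
    # (boto3.client("ssm", region_name=...)) or the FakeSSM below for offline use.
    resp = ssm.send_command(InstanceIds=[instance_id], DocumentName="AWS-RunShellScript",
                            Parameters={"commands": commands})
    command_id = resp["Command"]["CommandId"]
    deadline = time.monotonic() + timeout_s
    while True:
        inv = ssm.get_command_invocation(CommandId=command_id, InstanceId=instance_id)
        if inv["Status"] in TERMINAL:
            return inv["Status"], inv.get("StandardOutputContent", "")
        if time.monotonic() > deadline:  # client-side guard while Pending/InProgress/Delayed
            return "ClientTimeout", ""
        time.sleep(poll_s)


def interrogate(ssm, instance_id, sql):
    """Run one osquery query on the instance and return its rows parsed from JSON."""
    # shlex.quote keeps the query a single shell argument (no shell metacharacter surprises).
    status, out = run_ssm_command(ssm, instance_id, ["osqueryi --json " + shlex.quote(sql)])
    if status != "Success":
        raise RuntimeError(f"osquery via SSM ended with status {status}")
    return json.loads(out)


class FakeSSM:
    """Constructed stand-in for a boto3 SSM client so the example runs offline."""
    def __init__(self, stdout, final="Success", pending_polls=2):
        self.stdout, self.final, self.pending = stdout, final, pending_polls
    def send_command(self, **kw):
        assert kw["DocumentName"] == "AWS-RunShellScript"
        return {"Command": {"CommandId": "cmd-constructed-0001"}}
    def get_command_invocation(self, **kw):
        if self.pending > 0:  # emulate Pending/InProgress before the terminal status
            self.pending -= 1
            return {"Status": "InProgress", "StandardOutputContent": ""}
        return {"Status": self.final, "StandardOutputContent": self.stdout}

# Constructed output in the shape `osqueryi --json` prints: a JSON array of row objects.
SAMPLE_ROWS = '[{"pid":"412","name":"sshd","path":"/usr/sbin/sshd"}]'
```

Every non-Success terminal status (Failed, TimedOut, Cancelled) is returned rather than swallowed, so an acquisition that never completes on the instance is visible to the caller instead of being recorded as a good capture.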
Credits
This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.
History
0.1.0 (2018-11-10)
Initial Commit to Github
Hashes for ssm_acquire-0.1.0.4-py2.py3-none-any.whl

Algorithm | Hash digest
---|---
SHA256 | 3a0bf0ad8a5675f7137f3d3f999fc7761fc61ae6bf5a67a5910d527721a22ee7
MD5 | 1d3a1f6e6ea76f204e837a1c550d32b7
BLAKE2b-256 | f28f93d76b6e8d38e226e2ea341fab6fc0bb06fff7f4047cccfcd42e95584200