| agent: | Auto Exec |
What is an "Expert"? How do we create our own expert?
Add credentials for various integrations
Managing workspaces and access control
DagKnows Architecture Overview
Setting up SSO via Azure AD for Dagknows
Enable "Auto Exec" and "Send Execution Result to LLM" in "Adjust Settings" if desired
(Optionally) Add ubuntu user to docker group and refresh group membership
Deployment of an EKS Cluster with Worker Nodes in AWS
Adding, Deleting, Listing DagKnows Proxy credentials or key-value pairs
Comprehensive AWS Security and Compliance Evaluation Workflow (SOC2 Super Runbook)
AWS EKS Version Update 1.29 to 1.30 via terraform
Instruction to allow WinRM connection
MSP Usecase: User Onboarding Azure + M365
Post a message to a Slack channel
How to debug a kafka cluster and kafka topics?
Open VPN Troubleshooting (Powershell)
Execute a simple task on the proxy
Assign the proxy role to a user
Create roles to access credentials in proxy
Install OpenVPN client on Windows laptop
Setup Kubernetes kubectl and Minikube on Ubuntu 22.04 LTS
Install Prometheus and Grafana on the minikube cluster on EC2 instance in the monitoring namespace
update the EKS versions in different clusters
AI agent session 2024-09-12T09:36:14-07:00 by Sarang Dharmapurikar
Parse EDN content and give a JSON out
Check whether a user is there on Azure AD and if the user account status is enabled
Get the input parameters of a Jenkins pipeline
Audit and Compliance Check for AWS Security Groups with Open SSH Ports
The workflow involves identifying AWS security groups that have incoming SSH traffic (port 22) open to the public, specifically to IP addresses 0.0.0.0/0 or ::/0. These security groups are flagged as NON_COMPLIANT due to the potential security risk of unrestricted access. Conversely, security groups that do not have such open access are marked as COMPLIANT. This process ensures that security groups adhere to best practices for network security by restricting unnecessary public access. The outcome is a clear distinction between compliant and non-compliant security configurations, aiding in maintaining a secure AWS environment.
- 1uwE75Pt6Ww5MobrdBQ7MList and Identify AWS security groups where incoming SSH traffic (port 22) is open to 0.0.0.0/0 or ::/0 and flag them as NON_COMPLIANT, while marking others as COMPLIANT.
1
There was a problem that the LLM was not able to address. Please rephrase your prompt and try again.The script lists AWS security groups and checks if SSH access is open to the world, marking them as NON_COMPLIANT or COMPLIANT.
inputsoutputsimport boto3 import json # Initialize boto3 client for EC2 client = boto3.client('ec2', region_name='us-east-2', aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'), aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY')) # Retrieve all security groups response = client.describe_security_groups() security_groups = response.get('SecurityGroups', []) # Prepare table compliance_table = context.newtable() compliance_table.num_rows = len(security_groups) + 1 compliance_table.num_cols = 3 compliance_table.title = "Security Group Compliance" compliance_table.has_header_row = True # Set header row compliance_table.setval(0, 0, "Security Group ID") compliance_table.setval(0, 1, "Security Group Name") compliance_table.setval(0, 2, "Compliance Status") # Check each security group for SSH access open to the world for idx, sg in enumerate(security_groups, start=1): sg_id = sg.get('GroupId', 'Unknown') sg_name = sg.get('GroupName', 'Unknown') compliance_status = "COMPLIANT" for permission in sg.get('IpPermissions', []): if permission.get('FromPort') == 22 and permission.get('ToPort') == 22: for ip_range in permission.get('IpRanges', []): if ip_range.get('CidrIp') == '0.0.0.0/0': compliance_status = "NON_COMPLIANT" for ipv6_range in permission.get('Ipv6Ranges', []): if ipv6_range.get('CidrIpv6') == '::/0': compliance_status = "NON_COMPLIANT" # Set values in the table compliance_table.setval(idx, 0, sg_id) compliance_table.setval(idx, 1, sg_name) compliance_table.setval(idx, 2, compliance_status) print("Security Group Compliance Table Created Successfully")copied1