
Security, Compliance and Informational Dashboard System

Primary language: Ruby

Garrison

Garrison is a security service for consolidating alerts from many other systems down to a single web dashboard.


This project is in active development. We aim to keep it functional at all times, but we may break things from time to time. If you spot a problem, please raise a GitHub issue.

Preface

Garrison is made up of two parts...

  1. Dashboard
  2. Agents

Web interface

A Ruby on Rails web app that uses a PostgreSQL database for alert storage.

Agents

These populate the alerts you see in the dashboard. They are primarily lightweight Docker containers, responsible for sending data to the web API, which in turn populates the interface.

There are some pre-built agents, but you can create your own agents very easily if you need to.

Installation

We provide pre-built Docker containers for all parts of the service, which are available on Docker Hub.

Configuration

Dashboard

TODO

Agents

There are some global configuration options for agents; these are provided to the agent containers via environment variables. Some agents may have additional configuration options, which are documented with the individual agent.

Each agent must be registered before you use it, as it needs an Agent UUID. You can get this by POSTing to the API...

curl -d '{"agent": {"source": "aws-rds", "check": "check_engine_version"}}' -H "Content-Type: application/json" -X POST https://garrison.internal.acme.com/api/v1/agents

This is done so that alerts can be traced back to a single run of an agent, all the way down to the specific check type.

Global Configuration Options (Mandatory)

  Environment Variable   Description
  GARRISON_URL           URL to the Garrison web interface, e.g. https://garrison.internal.acme.com
  GARRISON_AGENT_UUID    The UUID that was previously registered with the API

Global Configuration Options (Optional)

Each optional variable has a sane default supplied by the individual check itself; set these only when you want to override that default.

  Environment Variable        Description
  GARRISON_ALERT_SOURCE       Source slug, e.g. aws-rds, cve-detail
  GARRISON_ALERT_SEVERITY     Severity slug, e.g. critical, high, medium, low, info [1]
  GARRISON_ALERT_FAMILY       Family slug, e.g. attack, infrastructure, software, networking [1]
  GARRISON_ALERT_TYPE         Type slug, e.g. security, compliance, informational [1]
  GARRISON_ALERT_DEPARTMENTS  Comma-separated list of Department slugs, e.g. it,development [2]
  GARRISON_AUTO_OBSOLETE      Setting this to anything will automatically mark Alerts generated by previous runs of this agent as obsolete

  1. Or any other custom ones you have created within Garrison.
  2. Departments must already exist.
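The following is an added example, not code from the Garrison project, showing how a custom agent could assemble its configuration from the global variables above and prepare the registration request from the curl example. It assumes a check passes its own defaults as a hash (the `check_defaults` argument is hypothetical), and it only builds the request rather than sending it.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Global agent options from the README: mandatory ones have no default,
# optional ones fall back to whatever the individual check supplies.
MANDATORY = %w[GARRISON_URL GARRISON_AGENT_UUID].freeze
OPTIONAL  = %w[GARRISON_ALERT_SOURCE GARRISON_ALERT_SEVERITY GARRISON_ALERT_FAMILY
               GARRISON_ALERT_TYPE GARRISON_ALERT_DEPARTMENTS].freeze

# Build the effective configuration for one agent run.
# env: a hash of environment variables (pass ENV in a real agent).
# check_defaults: hypothetical per-check defaults, keyed like :severity.
def agent_config(env, check_defaults = {})
  missing = MANDATORY.reject { |k| env[k] && !env[k].strip.empty? }
  raise ArgumentError, "missing mandatory variables: #{missing.join(', ')}" unless missing.empty?

  cfg = {
    url: URI(env['GARRISON_URL']),
    agent_uuid: env['GARRISON_AGENT_UUID'],
    # "Setting this to anything" enables auto-obsoleting earlier runs' alerts.
    auto_obsolete: !env['GARRISON_AUTO_OBSOLETE'].nil?,
  }
  OPTIONAL.each do |var|
    key = var.sub('GARRISON_ALERT_', '').downcase.to_sym # e.g. :severity
    cfg[key] = env[var] || check_defaults[key]
  end
  # Departments are a comma-separated list of slugs; normalise to an array.
  cfg[:departments] = (cfg[:departments] || '').split(',').map(&:strip).reject(&:empty?)
  cfg
end

# Prepare (without sending) the registration request from the README's curl
# example: POST {"agent": {"source": ..., "check": ...}} to /api/v1/agents.
def registration_request(base_url, source, check)
  uri = URI.join(base_url.to_s, '/api/v1/agents')
  req = Net::HTTP::Post.new(uri)
  req['Content-Type'] = 'application/json'
  req.body = JSON.generate(agent: { source: source, check: check })
  req
end

# Constructed sample environment for a local dry run (not real values).
SAMPLE_ENV = {
  'GARRISON_URL' => 'https://garrison.internal.acme.com',
  'GARRISON_AGENT_UUID' => '00000000-0000-0000-0000-000000000000',
  'GARRISON_ALERT_DEPARTMENTS' => 'it, development',
  'GARRISON_AUTO_OBSOLETE' => '1',
}.freeze
```

Calling `agent_config(SAMPLE_ENV, severity: 'medium')` yields a hash with `:departments => ["it", "development"]` and `:auto_obsolete => true`, and `registration_request(cfg[:url], 'aws-rds', 'check_engine_version')` carries the same JSON body as the curl command above.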

Available Agents

This is only the list of official agents; you may find more under the GitHub tag garrison-agent.