/Cloud-AWS

A collection of projects supporting AWS Integration

Primary LanguagePythonMIT LicenseMIT

AWS Service Integrations

Integration Name Description
AWS Control Tower with CrowdStrike Discover for Cloud and Containers Configure AWS Control Tower to register new AWS accounts with CrowdStrike Discover for Cloud and Containers.
AWS Control Tower with CrowdStrike Horizon Configure AWS Control Tower to register new AWS accounts with CrowdStrike Horizon.
AWS Network Firewall with CrowdStrike Threat Intelligence Build capabilities such as automated blocking of malicious domains (via AWS Network Firewall) based on CrowdStrike detection alerts, or perform threat hunting derived from CrowdStrike domain-based Indicators of Activity (IOAs).
AWS PrivateLink with CrowdStrike Sensor Proxy Leverage AWS PrivateLink to provide private connectivity between your CrowdStrike-protected workloads and the CrowdStrike cloud.
AWS Security Hub with CrowdStrike Event Streams API The Falcon Integration Gateway publishes detections identified by CrowdStrike Falcon for instances residing within Amazon Web Services (AWS) to AWS Security Hub.
AWS S3 Protected Bucket with CrowdStrike Quick Scan API S3 Bucket Protection secures your AWS storage buckets by scanning files as they are uploaded to the bucket using the CrowdStrike Quick Scan API.

CrowdStrike Sensor Automation

Integration Name Description
AWS Autoscale Groups for Auto Register/Deregister Utilize AWS Autoscale Groups to install the CrowdStrike Falcon Sensor during virtual machine initialization, and AWS Autoscale Lifecycle hooks to deregister the instance with CrowdStrike upon virtual machine termination.
AWS EventBridge and AWS State Manager Leverage AWS EventBridge and AWS Systems Manager State Manager to manage the deployment of the Falcon Agent and the removal of stale sensors.
AWS Systems Manager Parameter Store with PowerShell Sensor Installation Script Sample automation which leverages AWS Systems Manager Parameter Store to store CrowdStrike API credentials. These credentials are passed into a Microsoft PowerShell script to bootstrap the CrowdStrike Falcon Sensor for Windows during a Windows virtual machine's first boot process.
AWS Systems Manager with Linux BASH Sensor Installation Script POSIX script that will install CrowdStrike sensor. The script is current tailored to the use within AWS Systems Manager, but can be used outside the Systems Manager.
AWS Terraform Template for Sensor Installation Sample AWS Terraform template that builds a test VPC, creates an Ubuntu-based web server, and automatically installs the CrowdStrike Falcon sensor into the virtual machine.

DevSecOps Automations

Integration Name Description
EC2 Isolation Webhook Isolate a potentially compromised EC2 instance through an API endpoint while it's undergoing an incident response investigation.