Workload Protection Engine #135

varunjain99 opened this issue Mar 22, 2023 · 0 comments
Workload Protection Planning

Broad overview of the proposed engine

  1. Visibility: Determine running compute and the corresponding volumes to be snapshotted
    1. Much of this is done through cartography?
    2. TODO: Figure out what needs to be snapshotted for container/serverless based compute
  2. Snapshot block storage for analysis
    1. Snapshots should be deleted when they are no longer needed
  3. Mount snapshots onto an EC2 to do analysis
    1. Different file systems may need to be dealt with differently
    2. Container file systems may need to be reconstructed
    3. TODO: Figure out which filesystems and how you mount different filesystems
    4. TODO: Figure out for container/serverless how you reconstruct their filesystems
  4. Workload analysis
    1. Many possible types of analysis
      1. Vulnerability scanning
      2. App configuration analysis
      3. Malware analysis
      4. Secrets / Access key / password analysis
      5. Sensitive data analysis
    2. Probably should do vuln analysis and / or secret analysis first?
    3. TODO: Which open source scanning tools should we use?
    4. TODO: Should we pick up container networking in this step? Or is that separate?
  5. Add workload analysis findings to Neo4j db
  6. Delete any EC2 / snapshots that were created
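
An added example, not part of the issue or the project's code: one way the secrets / access key analysis in step 4 could walk a snapshot mounted in step 3 without following symlinks out of the mount onto the analysis host. The function names, the finding fields, the 1 MiB read cap and the sample files are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# AWS access key IDs: "AKIA" or "ASIA" followed by 16 uppercase alphanumerics.
AWS_KEY_ID = re.compile(rb"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
MAX_BYTES = 1024 * 1024  # assumption: read at most 1 MiB per file


def scan_mounted_root(root):
    """Scan a mounted snapshot for access key IDs; return redacted findings."""
    root = os.path.realpath(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # Regular files only: a symlink inside the snapshot can point at
                # the analysis host's own files, and FIFOs/devices can block.
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue
                fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
                with os.fdopen(fd, "rb") as fh:
                    data = fh.read(MAX_BYTES)
            except OSError:
                continue
            for lineno, line in enumerate(data.splitlines(), 1):
                for match in AWS_KEY_ID.finditer(line):
                    key = match.group().decode()
                    findings.append({
                        "type": "aws_access_key_id",
                        "path": os.path.relpath(path, root),
                        "line": lineno,
                        # Store a redacted form so the findings store holds no secret.
                        "redacted": key[:4] + "*" * 12 + key[-4:],
                    })
    return findings


def demo():
    """Constructed sample: a fake mount plus a symlink pointing outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        mount = os.path.join(tmp, "mnt")
        os.makedirs(os.path.join(mount, "home", "app"))
        with open(os.path.join(mount, "home", "app", "credentials"), "w") as fh:
            fh.write("[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n")
        host_file = os.path.join(tmp, "host_secret")  # outside the mount
        with open(host_file, "w") as fh:
            fh.write("ASIA" + "B" * 16 + "\n")
        os.symlink(host_file, os.path.join(mount, "home", "app", "link"))
        return scan_mounted_root(mount)
```

The returned dictionaries carry a path relative to the mount root, so they can be tied back to the source volume when findings are written to the graph in step 5.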