
AWSRecreateSG

This script is part of the AWS Enrichment and Remediation Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This automation determines which interface on an EC2 instance has an over-permissive security group, identifies which security groups contain over-permissive rules, and replaces each of them with a copy of the security group from which only the over-permissive portion has been removed. Over-permissive means that sensitive ports (SSH, RDP, etc.) are exposed to the internet via IPv4.
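The rule rewrite described above, sketched as an added example (this is not the pack's own script code): given a group's ingress rules in the EC2 `IpPermissions` shape, it builds the rule set for the replacement group, splitting port ranges around the sensitive port and leaving non-internet sources intact. The function name, the `SAMPLE` data and the choice to flag all-protocol (`-1`) rules for review instead of splitting them are assumptions of this example.

```python
import copy

OPEN_V4 = "0.0.0.0/0"
SOURCE_KEYS = ("IpRanges", "Ipv6Ranges", "UserIdGroupPairs", "PrefixListIds")


def strip_open_port(permissions, port, protocol="tcp"):
    """Return (new_rules, needs_review) for the replacement group's ingress.

    new_rules is `permissions` minus `port`/`protocol` from 0.0.0.0/0.
    needs_review holds all-protocol ("-1") rules open to the internet; they
    are copied unchanged here (assumption: reviewed separately).
    """
    new_rules, needs_review = [], []
    for rule in copy.deepcopy(permissions):  # never mutate the caller's data
        open_v4 = [r for r in rule.get("IpRanges", []) if r.get("CidrIp") == OPEN_V4]
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        if open_v4 and rule["IpProtocol"] == "-1":
            needs_review.append(rule)
        exposed = (open_v4 and rule["IpProtocol"] == protocol
                   and lo is not None and hi is not None and lo <= port <= hi)
        if not exposed:
            new_rules.append(rule)  # copied as-is into the new group
            continue
        # Non-internet sources keep the full original port range.
        rule["IpRanges"] = [r for r in rule["IpRanges"] if r.get("CidrIp") != OPEN_V4]
        if any(rule.get(k) for k in SOURCE_KEYS):
            new_rules.append(rule)
        # 0.0.0.0/0 keeps only the ports on either side of the sensitive one.
        for a, b in ((lo, port - 1), (port + 1, hi)):
            if a <= b:
                new_rules.append({"IpProtocol": protocol, "FromPort": a,
                                  "ToPort": b, "IpRanges": copy.deepcopy(open_v4)})
    return new_rules, needs_review


# Constructed sample input (not taken from a real account).
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
```

Calling `strip_open_port(SAMPLE, 22, "tcp")` drops the SSH-only rule, keeps 20-25 for `10.0.0.0/8`, and leaves the internet with 20-21, 23-25 and 443.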

Script Data

| Name | Description |
| --- | --- |
| Script Type | python3 |
| Cortex XSOAR Version | 6.5.0 |

Dependencies


This script uses the following commands and scripts.

  • aws-ec2-revoke-security-group-egress-rule
  • aws-ec2-authorize-security-group-ingress-rule
  • aws-ec2-authorize-security-group-egress-rule
  • aws-ec2-describe-instances
  • aws-ec2-revoke-security-group-ingress-rule
  • aws-ec2-create-security-group

Used In


This script is used in the following playbooks and scripts.

  • AWS - Security Group Remediation v2

Inputs

| Argument Name | Description |
| --- | --- |
| instance_id | EC2 Instance ID. |
| port | TCP/UDP port to be restricted. |
| protocol | Protocol of the port to be restricted. |
| public_ip | Public IP address of the EC2 instance. |
| assume_role | Name of an AWS role to assume (should be the same for all organizations). |
| region | Region where EC2 instance is present. |

Outputs

| Path | Description | Type |
| --- | --- | --- |
| awssgrecreated | Sets the value to true or false if the security group is created. | boolean |