Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fo-triage lambda is failing on not able to accuire instance detail info #20

Open
6 tasks
reshmaks opened this issue Dec 14, 2023 · 2 comments
Open
6 tasks

Fo-triage lambda is failing on not able to accuire instance detail info #20

reshmaks opened this issue Dec 14, 2023 · 2 comments
Labels
bug Something isn't working

Comments

@reshmaks
Copy link

Describe the bug
Get Instance Lambda function assumes role into compromised application account and is unable to retrieves instance information.

To Reproduce

AWS Security Hub operating in AWS application account is reported with details of the compromised instance and the findings get aggregated to AWS Security Hub administrator AWS master Account.

The security administrator initiates one of the following forensic actions in Security Hub.

Forensic triage

Forensic isolation

Amazon EventBridge initiates the triage Step Functions flow.

Expected behavior
A clear and concise description of what you expected to happen.

Please complete the following information about the solution:

  • Version: [e.g. v1.0.0]

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0191) - Automated Forensics for Amazon EC2. Version v5.0.0". If the description does not contain the version information, you can look at the mappings section of the template:

Mappings:
    SourceCode:
        General:
            S3Bucket: 'solutions'
            KeyPrefix: 'automated-forensics-for-amazon-ec2/v1.0.0'
  • Region: [e.g. us-east-1]
  • Was the solution modified from the version published on this repository?
  • If the answer to the previous question was yes, are the changes available on GitHub?
  • Have you checked your service quotas for the sevices this solution uses?
  • Were there any errors in the CloudWatch Logs?

Screenshots
Screenshot 2023-12-14 at 1 50 49 PM

Additional context
Add any other context about the problem here.
@reshmaks reshmaks added the bug Something isn't working label Dec 14, 2023
@dadmukta
Copy link
Member

Thanks for reporting the issue. We are investigating this.

@bios6
Copy link
Member

bios6 commented Nov 22, 2024
edited
Loading

Hi @reshmaks,

Can you provide more information like the version of the solution you are using and region's you are working with? Any other information you can provide will be helpful (like if the solution was modified) and you might be able to check CloudTrail to find more information. We will also suggest using the latest version of the solution.

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@reshmaks @dadmukta @bios6