unSkript Documentation
Free SandboxBlogGitHubSlack Community
  • What is unSkript?
  • Guides
    • Contribute to Open Source
    • Getting started
      • Sign Up/Install
      • Authentication
        • Okta configuration
          • Okta Groups Sync
      • Create a Proxy
      • Add Credentials to Connect your Resources
      • Key Terms
  • RunBooks
    • Prebuilt xRunBooks
      • xRunBooks for CloudOps
      • xRunBooks for Cost Optimization
      • xRunBooks for DevOps
      • xRunBooks for IAM
      • xRunBooks for SecOps
      • xRunBooks for SRE
      • xRunBooks for Troubleshooting
    • Creating RunBooks
      • Importing unSkript xRunBooks
      • Create a xRunBook
      • Add an Action
      • Connecting Actions
      • Create a RunBook Input Parameter
      • Create a Credential
      • Writing Notes
      • Running XRunBooks
        • Running RunBooks with Approvals
      • Schedules
      • xRunBook Executions
      • Alarms
        • Create an Alarm Webhook
          • Webhooks for onprem installations
        • Create a Grafana Alert
        • Attaching runbooks to alarms
      • Folders
      • RunBook Outputs
  • Actions
    • What is an Action?
    • Create Custom Actions
    • Create Actions with AI
    • Actions
      • Action Configuration
        • Configure Action Inputs
        • Add Action Inputs
        • Action Output
        • Action Iterator
          • Using Iterators
        • Action Poll
        • Action Start Condition
      • Anatomy of an Action
    • Prebuilt Actions
  • Healthchecks
    • What is a HealthCheck?
    • Create a HealthCheck
      • Create a HealthCheck Folder
      • Adding Checks
    • HealthCheck Parameters
    • Running HealthChecks
    • HealthCheck Remediation
  • Workflows
    • What is a Workflow?
  • Connnecting
    • Connectors
      • Airflow
        • Airflow Actions
      • AWS
        • AWS Actions
          • AWS Cloudwatch Actions
          • AWS EC2 Actions
          • AWS ECS Actions
          • AWS EKS Actions
          • AWS ELB Actions
          • AWS IAM Actions
          • AWS Postgres Actions
          • AWS RDS Actions
          • AWS RedShift Actions
          • AWS S3 Actions
          • AWS VPC Actions
      • Azure
        • Azure Actions
      • ChatGPT
        • ChatGPT Actions
      • Datadog
        • Configuring webhook in Datadog
        • Datadog Actions
          • Datadog Alert Actions
          • Datadog Metrics Actions
          • Datadog Monitor Actions
      • Elasticsearch
        • Elasticsearch Actions
      • GCP
        • GCP Actions
          • GCP Bucket Actions
          • GCP GKE Actions
          • GCP IAM Actions
          • GCP VM Actions
      • Github
        • Github Actions
      • Grafana
        • Grafana Actions
      • Hadoop
        • Hadoop Actions
      • Jenkins
        • Jenkins Actions
      • Jira
        • Jira Actions
      • Kafka
        • Kafka Actions
      • Kubernetes
        • K8s Actions
      • MongoDB
        • MongoDB Actions
      • MS SQL
        • MSSQL Actions
      • MySQL
        • MySQL Actions
      • Netbox
        • Netbox Actions
      • Nomad
        • Nomad Actions
      • OpenSearch
        • opensearch Actions
      • Pingdom
        • Pingdom Actions
      • Postgres
        • Postgres Actions
      • Prometheus
        • Prometheus Actions
      • Redis
        • Redis Actions
      • REST
        • REST Actions
      • SalesForce
        • SalesForce Actions
      • Slack
        • Slack Actions
      • Snowflake
        • Snowflake Actions
      • Splunk
        • Splunk Actions
      • SSH
        • SSH Actions
      • Stripe
        • Stripe Actions
      • Terraform
        • Terraform Actions
      • Zabbix
    • Proxies
      • Environment
        • RunBooks Across Environments: ServiceIDs
      • unSkript Proxy
      • AWS Proxy
      • GCP Proxy
    • Secret store
      • Vault
  • Tooling
    • Role Based Access Control
      • RBAC Roles
    • API reference
      • Authentication
      • Endpoints
        • Executions
        • RunBooks
        • Schedules
    • Command Line Tool
    • Notifications
  • Fundamentals
    • Jupyter Notebook 101
  • Use Cases
    • DevOps
    • SRE
  • Open source
    • Runbooks.sh
    • Contribute to Open Source
  • Lists
    • AWS Service Quota list
Powered by GitBook
On this page

Was this helpful?

  1. RunBooks
  2. Prebuilt xRunBooks

xRunBooks for SecOps

PreviousxRunBooks for IAMNextxRunBooks for SRE

Last updated 1 year ago

Was this helpful?

  • AWS : This runbook can be used to configure AWS Access Key rotation. Changing access keys (which consist of an access key ID and a secret access key) on a regular schedule is a well-known security best practice because it shortens the period an access key is active and therefore reduces the business impact if they are compromised. Having an established process that is run regularly also ensures the operational steps around key rotation are verified, so changing a key is never a scary step.

  • AWS : This xRunBook is a set of example actions that could be used to establish mandatory tagging to EC2 instances. First testing instances for compliance, and creating reports of instances that are missing the required tags. There is also and action to add tags to an instance - to help bring them into tag compliance.

  • AWS : This runbook can be used to enforce HTTP redirection across all AWS ALBs. Web encryption protocols like SSL and TLS have been around for nearly three decades. By securing web data in transit, these security measures ensure that third parties can’t simply intercept unencrypted data and cause harm. HTTPS uses the underlying SSL/TLS technology and is the standard way to communicate web data in an encrypted and authenticated manner instead of using insecure HTTP protocol. In this runbook, we implement the industry best practice of redirecting all unencrypted HTTP data to the secure HTTPS protocol.

  • AWS : This runbook can be used to find the publicly accessible RDS instances for the given AWS region.

  • AWS : This runbook can be used to filter all the S3 buckets which are unencrypted and apply encryption on unencrypted S3 buckets.

  • AWS : This runbook can be used to list all AWS SSL (ACM) Certificates that need to be renewed within a given threshold number of days. Optionally it can renew the certificate using AWS ACM service.

  • AWS : This runbook will list all the S3 buckets.Filter buckets which has ACL public READ/WRITE permissions and Change the ACL Public READ/WRITE permissions to private in the given region.

  • AWS : This lego can be used to list all the manual database snapshots in the given region. Get publicly accessible DB snapshots in RDS and Modify the publicly accessible DB snapshots in RDS to private.

  • AWS : This runbook can be used to find the old generation RDS instances for the given AWS region and modify then to the given instance class.

  • AWS : This runbook can be used to filter all the S3 buckets which are unencrypted and apply encryption on unencrypted S3 buckets.

  • AWS : AWS has an inbuilt identity and access management system known as AWS IAM. IAM supports the concept of users, group, roles and privileges. IAM user is an identity that can be created and assigned some privileges. This runbook can be used to create an AWS IAM User

  • AWS : Extract usage details from Cloudtrail of an existing user. Apply the usage to a new IAM Policy, and connect it to a new IAM profile.

AWS Access Key Rotation for IAM users
AWS Add Mandatory tags to EC2
Enforce HTTP Redirection across all AWS ALB instances
Publicly Accessible Amazon RDS Instances
Remediate unencrypted S3 buckets
Renew AWS SSL Certificates that are close to expiration
Restrict S3 Buckets with READ/WRITE Permissions to all Authenticated Users
Secure Publicly accessible Amazon RDS Snapshot
AWS Update RDS Instances from Old to New Generation
Encrypt unencrypted S3 buckets
Create a new AWS IAM User
Create an IAM user using Principle of Least Privilege