runbooks 0.7.9__py3-none-any.whl → 0.9.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- runbooks/__init__.py +1 -1
- runbooks/cfat/README.md +12 -1
- runbooks/cfat/__init__.py +1 -1
- runbooks/cfat/assessment/runner.py +42 -34
- runbooks/cfat/models.py +1 -1
- runbooks/common/__init__.py +152 -0
- runbooks/common/accuracy_validator.py +1039 -0
- runbooks/common/context_logger.py +440 -0
- runbooks/common/cross_module_integration.py +594 -0
- runbooks/common/enhanced_exception_handler.py +1108 -0
- runbooks/common/enterprise_audit_integration.py +634 -0
- runbooks/common/mcp_integration.py +539 -0
- runbooks/common/performance_monitor.py +387 -0
- runbooks/common/profile_utils.py +216 -0
- runbooks/common/rich_utils.py +171 -0
- runbooks/feedback/user_feedback_collector.py +440 -0
- runbooks/finops/README.md +339 -451
- runbooks/finops/__init__.py +4 -21
- runbooks/finops/account_resolver.py +279 -0
- runbooks/finops/accuracy_cross_validator.py +638 -0
- runbooks/finops/aws_client.py +721 -36
- runbooks/finops/budget_integration.py +313 -0
- runbooks/finops/cli.py +59 -5
- runbooks/finops/cost_processor.py +211 -37
- runbooks/finops/dashboard_router.py +900 -0
- runbooks/finops/dashboard_runner.py +990 -232
- runbooks/finops/embedded_mcp_validator.py +288 -0
- runbooks/finops/enhanced_dashboard_runner.py +8 -7
- runbooks/finops/enhanced_progress.py +327 -0
- runbooks/finops/enhanced_trend_visualization.py +423 -0
- runbooks/finops/finops_dashboard.py +29 -1880
- runbooks/finops/helpers.py +509 -196
- runbooks/finops/iam_guidance.py +400 -0
- runbooks/finops/markdown_exporter.py +466 -0
- runbooks/finops/multi_dashboard.py +1502 -0
- runbooks/finops/optimizer.py +15 -15
- runbooks/finops/profile_processor.py +2 -2
- runbooks/finops/runbooks.inventory.organizations_discovery.log +0 -0
- runbooks/finops/runbooks.security.report_generator.log +0 -0
- runbooks/finops/runbooks.security.run_script.log +0 -0
- runbooks/finops/runbooks.security.security_export.log +0 -0
- runbooks/finops/service_mapping.py +195 -0
- runbooks/finops/single_dashboard.py +710 -0
- runbooks/finops/tests/test_reference_images_validation.py +1 -1
- runbooks/inventory/README.md +12 -1
- runbooks/inventory/core/collector.py +157 -29
- runbooks/inventory/list_ec2_instances.py +9 -6
- runbooks/inventory/list_ssm_parameters.py +10 -10
- runbooks/inventory/organizations_discovery.py +210 -164
- runbooks/inventory/rich_inventory_display.py +74 -107
- runbooks/inventory/run_on_multi_accounts.py +13 -13
- runbooks/main.py +740 -134
- runbooks/metrics/dora_metrics_engine.py +711 -17
- runbooks/monitoring/performance_monitor.py +433 -0
- runbooks/operate/README.md +394 -0
- runbooks/operate/base.py +215 -47
- runbooks/operate/ec2_operations.py +7 -5
- runbooks/operate/privatelink_operations.py +1 -1
- runbooks/operate/vpc_endpoints.py +1 -1
- runbooks/remediation/README.md +489 -13
- runbooks/remediation/commons.py +8 -4
- runbooks/security/ENTERPRISE_SECURITY_FRAMEWORK.md +506 -0
- runbooks/security/README.md +12 -1
- runbooks/security/__init__.py +164 -33
- runbooks/security/compliance_automation.py +12 -10
- runbooks/security/compliance_automation_engine.py +1021 -0
- runbooks/security/enterprise_security_framework.py +931 -0
- runbooks/security/enterprise_security_policies.json +293 -0
- runbooks/security/integration_test_enterprise_security.py +879 -0
- runbooks/security/module_security_integrator.py +641 -0
- runbooks/security/report_generator.py +1 -1
- runbooks/security/run_script.py +4 -8
- runbooks/security/security_baseline_tester.py +36 -49
- runbooks/security/security_export.py +99 -120
- runbooks/sre/README.md +472 -0
- runbooks/sre/__init__.py +33 -0
- runbooks/sre/mcp_reliability_engine.py +1049 -0
- runbooks/sre/performance_optimization_engine.py +1032 -0
- runbooks/sre/reliability_monitoring_framework.py +1011 -0
- runbooks/validation/__init__.py +2 -2
- runbooks/validation/benchmark.py +154 -149
- runbooks/validation/cli.py +159 -147
- runbooks/validation/mcp_validator.py +265 -236
- runbooks/vpc/README.md +478 -0
- runbooks/vpc/__init__.py +2 -2
- runbooks/vpc/manager_interface.py +366 -351
- runbooks/vpc/networking_wrapper.py +62 -33
- runbooks/vpc/rich_formatters.py +22 -8
- {runbooks-0.7.9.dist-info → runbooks-0.9.0.dist-info}/METADATA +136 -54
- {runbooks-0.7.9.dist-info → runbooks-0.9.0.dist-info}/RECORD +94 -55
- {runbooks-0.7.9.dist-info → runbooks-0.9.0.dist-info}/entry_points.txt +1 -1
- runbooks/finops/cross_validation.py +0 -375
- {runbooks-0.7.9.dist-info → runbooks-0.9.0.dist-info}/WHEEL +0 -0
- {runbooks-0.7.9.dist-info → runbooks-0.9.0.dist-info}/licenses/LICENSE +0 -0
- {runbooks-0.7.9.dist-info → runbooks-0.9.0.dist-info}/top_level.txt +0 -0
|
@@ -0,0 +1,293 @@
|
|
|
1
|
+
{
|
|
2
|
+
"security_framework_version": "1.0.0",
|
|
3
|
+
"last_updated": "2024-08-30T00:00:00Z",
|
|
4
|
+
"compliance_frameworks": {
|
|
5
|
+
"AWS_Well_Architected_Security": {
|
|
6
|
+
"enabled": true,
|
|
7
|
+
"minimum_score": 90.0,
|
|
8
|
+
"critical_controls": [
|
|
9
|
+
"identity_foundation",
|
|
10
|
+
"apply_security_at_all_layers",
|
|
11
|
+
"enable_traceability",
|
|
12
|
+
"automate_security_best_practices",
|
|
13
|
+
"protect_data_in_transit_and_at_rest",
|
|
14
|
+
"keep_people_away_from_data",
|
|
15
|
+
"prepare_for_security_events"
|
|
16
|
+
]
|
|
17
|
+
},
|
|
18
|
+
"SOC2_Type_II": {
|
|
19
|
+
"enabled": true,
|
|
20
|
+
"minimum_score": 95.0,
|
|
21
|
+
"critical_controls": [
|
|
22
|
+
"access_controls",
|
|
23
|
+
"logical_physical_access",
|
|
24
|
+
"system_operations",
|
|
25
|
+
"change_management",
|
|
26
|
+
"risk_mitigation"
|
|
27
|
+
]
|
|
28
|
+
},
|
|
29
|
+
"NIST_Cybersecurity_Framework": {
|
|
30
|
+
"enabled": true,
|
|
31
|
+
"minimum_score": 85.0,
|
|
32
|
+
"functions": [
|
|
33
|
+
"identify",
|
|
34
|
+
"protect",
|
|
35
|
+
"detect",
|
|
36
|
+
"respond",
|
|
37
|
+
"recover"
|
|
38
|
+
]
|
|
39
|
+
},
|
|
40
|
+
"PCI_DSS": {
|
|
41
|
+
"enabled": true,
|
|
42
|
+
"minimum_score": 100.0,
|
|
43
|
+
"requirements": [
|
|
44
|
+
"install_maintain_firewall",
|
|
45
|
+
"not_use_vendor_defaults",
|
|
46
|
+
"protect_stored_cardholder_data",
|
|
47
|
+
"encrypt_transmission_data",
|
|
48
|
+
"protect_systems_against_malware",
|
|
49
|
+
"develop_secure_systems",
|
|
50
|
+
"restrict_access_need_to_know",
|
|
51
|
+
"identify_authenticate_access",
|
|
52
|
+
"restrict_physical_access",
|
|
53
|
+
"track_monitor_access",
|
|
54
|
+
"regularly_test_security",
|
|
55
|
+
"maintain_information_security_policy"
|
|
56
|
+
]
|
|
57
|
+
},
|
|
58
|
+
"HIPAA": {
|
|
59
|
+
"enabled": true,
|
|
60
|
+
"minimum_score": 95.0,
|
|
61
|
+
"safeguards": [
|
|
62
|
+
"administrative_safeguards",
|
|
63
|
+
"physical_safeguards",
|
|
64
|
+
"technical_safeguards"
|
|
65
|
+
]
|
|
66
|
+
},
|
|
67
|
+
"ISO27001": {
|
|
68
|
+
"enabled": true,
|
|
69
|
+
"minimum_score": 90.0,
|
|
70
|
+
"control_categories": [
|
|
71
|
+
"information_security_policies",
|
|
72
|
+
"organization_information_security",
|
|
73
|
+
"human_resource_security",
|
|
74
|
+
"asset_management",
|
|
75
|
+
"access_control",
|
|
76
|
+
"cryptography",
|
|
77
|
+
"physical_environmental_security",
|
|
78
|
+
"operations_security",
|
|
79
|
+
"communications_security",
|
|
80
|
+
"system_acquisition_development_maintenance",
|
|
81
|
+
"supplier_relationships",
|
|
82
|
+
"information_security_incident_management",
|
|
83
|
+
"information_security_business_continuity",
|
|
84
|
+
"compliance"
|
|
85
|
+
]
|
|
86
|
+
}
|
|
87
|
+
},
|
|
88
|
+
"encryption_requirements": {
|
|
89
|
+
"data_at_rest": {
|
|
90
|
+
"required": true,
|
|
91
|
+
"algorithm": "AES-256",
|
|
92
|
+
"key_management": "AWS_KMS",
|
|
93
|
+
"key_rotation": {
|
|
94
|
+
"enabled": true,
|
|
95
|
+
"frequency_days": 90
|
|
96
|
+
}
|
|
97
|
+
},
|
|
98
|
+
"data_in_transit": {
|
|
99
|
+
"required": true,
|
|
100
|
+
"minimum_tls_version": "1.2",
|
|
101
|
+
"certificate_validation": true,
|
|
102
|
+
"cipher_suites": [
|
|
103
|
+
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
104
|
+
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
|
|
105
|
+
]
|
|
106
|
+
},
|
|
107
|
+
"encryption_exemptions": {
|
|
108
|
+
"allowed_unencrypted_services": [],
|
|
109
|
+
"approval_required": true,
|
|
110
|
+
"documentation_required": true
|
|
111
|
+
}
|
|
112
|
+
},
|
|
113
|
+
"access_control_policies": {
|
|
114
|
+
"authentication": {
|
|
115
|
+
"mfa_required": true,
|
|
116
|
+
"mfa_methods": ["hardware_token", "software_token", "sms"],
|
|
117
|
+
"password_policy": {
|
|
118
|
+
"minimum_length": 14,
|
|
119
|
+
"require_uppercase": true,
|
|
120
|
+
"require_lowercase": true,
|
|
121
|
+
"require_numbers": true,
|
|
122
|
+
"require_symbols": true,
|
|
123
|
+
"max_age_days": 90,
|
|
124
|
+
"password_history": 12,
|
|
125
|
+
"account_lockout": {
|
|
126
|
+
"failed_attempts": 5,
|
|
127
|
+
"lockout_duration_minutes": 30
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
},
|
|
131
|
+
"authorization": {
|
|
132
|
+
"principle_of_least_privilege": true,
|
|
133
|
+
"regular_access_review": {
|
|
134
|
+
"frequency_days": 90,
|
|
135
|
+
"automated_review": true,
|
|
136
|
+
"manual_review": true
|
|
137
|
+
},
|
|
138
|
+
"privileged_access": {
|
|
139
|
+
"separate_accounts": true,
|
|
140
|
+
"elevated_authentication": true,
|
|
141
|
+
"session_recording": true,
|
|
142
|
+
"approval_workflow": true
|
|
143
|
+
}
|
|
144
|
+
},
|
|
145
|
+
"session_management": {
|
|
146
|
+
"idle_timeout_minutes": 30,
|
|
147
|
+
"maximum_session_duration_hours": 8,
|
|
148
|
+
"concurrent_session_limit": 3
|
|
149
|
+
}
|
|
150
|
+
},
|
|
151
|
+
"audit_requirements": {
|
|
152
|
+
"cloudtrail": {
|
|
153
|
+
"enabled": true,
|
|
154
|
+
"multi_region": true,
|
|
155
|
+
"include_global_services": true,
|
|
156
|
+
"log_file_encryption": true,
|
|
157
|
+
"log_file_validation": true,
|
|
158
|
+
"sns_notification": true,
|
|
159
|
+
"s3_bucket_logging": true
|
|
160
|
+
},
|
|
161
|
+
"aws_config": {
|
|
162
|
+
"enabled": true,
|
|
163
|
+
"all_regions": true,
|
|
164
|
+
"include_global_resources": true,
|
|
165
|
+
"delivery_channel_encryption": true,
|
|
166
|
+
"conformance_packs": [
|
|
167
|
+
"Operational-Best-Practices-for-AWS-Well-Architected-Security-Pillar",
|
|
168
|
+
"Operational-Best-Practices-for-SOC2",
|
|
169
|
+
"Operational-Best-Practices-for-PCI-DSS"
|
|
170
|
+
]
|
|
171
|
+
},
|
|
172
|
+
"log_retention": {
|
|
173
|
+
"security_logs": "7_years",
|
|
174
|
+
"operational_logs": "1_year",
|
|
175
|
+
"application_logs": "6_months"
|
|
176
|
+
},
|
|
177
|
+
"monitoring": {
|
|
178
|
+
"real_time_alerting": true,
|
|
179
|
+
"anomaly_detection": true,
|
|
180
|
+
"automated_response": true,
|
|
181
|
+
"escalation_procedures": true
|
|
182
|
+
}
|
|
183
|
+
},
|
|
184
|
+
"network_security": {
|
|
185
|
+
"vpc_requirements": {
|
|
186
|
+
"flow_logs": {
|
|
187
|
+
"enabled": true,
|
|
188
|
+
"capture_level": "ALL",
|
|
189
|
+
"destination": "cloudwatch_logs",
|
|
190
|
+
"encryption": true
|
|
191
|
+
},
|
|
192
|
+
"default_security_group": {
|
|
193
|
+
"restrict_default": true,
|
|
194
|
+
"no_ingress_rules": true,
|
|
195
|
+
"minimal_egress_rules": true
|
|
196
|
+
}
|
|
197
|
+
},
|
|
198
|
+
"security_groups": {
|
|
199
|
+
"no_unrestricted_access": true,
|
|
200
|
+
"principle_of_least_privilege": true,
|
|
201
|
+
"regular_review": true,
|
|
202
|
+
"documentation_required": true
|
|
203
|
+
},
|
|
204
|
+
"network_acls": {
|
|
205
|
+
"explicit_deny_rules": true,
|
|
206
|
+
"logging_enabled": true,
|
|
207
|
+
"regular_review": true
|
|
208
|
+
}
|
|
209
|
+
},
|
|
210
|
+
"data_protection": {
|
|
211
|
+
"data_classification": {
|
|
212
|
+
"classification_required": true,
|
|
213
|
+
"classification_levels": ["public", "internal", "confidential", "restricted"],
|
|
214
|
+
"handling_procedures": true
|
|
215
|
+
},
|
|
216
|
+
"data_loss_prevention": {
|
|
217
|
+
"enabled": true,
|
|
218
|
+
"scanning_enabled": true,
|
|
219
|
+
"automated_remediation": true
|
|
220
|
+
},
|
|
221
|
+
"backup_requirements": {
|
|
222
|
+
"automated_backups": true,
|
|
223
|
+
"cross_region_replication": true,
|
|
224
|
+
"backup_encryption": true,
|
|
225
|
+
"backup_testing": {
|
|
226
|
+
"frequency": "monthly",
|
|
227
|
+
"automated": true,
|
|
228
|
+
"documentation": true
|
|
229
|
+
}
|
|
230
|
+
}
|
|
231
|
+
},
|
|
232
|
+
"incident_response": {
|
|
233
|
+
"response_plan": {
|
|
234
|
+
"documented": true,
|
|
235
|
+
"tested_regularly": true,
|
|
236
|
+
"roles_responsibilities": true,
|
|
237
|
+
"communication_plan": true
|
|
238
|
+
},
|
|
239
|
+
"detection_capabilities": {
|
|
240
|
+
"automated_monitoring": true,
|
|
241
|
+
"threat_intelligence": true,
|
|
242
|
+
"behavioral_analytics": true
|
|
243
|
+
},
|
|
244
|
+
"response_capabilities": {
|
|
245
|
+
"automated_containment": true,
|
|
246
|
+
"forensic_capabilities": true,
|
|
247
|
+
"recovery_procedures": true
|
|
248
|
+
}
|
|
249
|
+
},
|
|
250
|
+
"compliance_thresholds": {
|
|
251
|
+
"overall_security_score": {
|
|
252
|
+
"minimum": 90.0,
|
|
253
|
+
"target": 95.0,
|
|
254
|
+
"critical_threshold": 85.0
|
|
255
|
+
},
|
|
256
|
+
"finding_thresholds": {
|
|
257
|
+
"critical_findings_allowed": 0,
|
|
258
|
+
"high_findings_threshold": 5,
|
|
259
|
+
"medium_findings_threshold": 20,
|
|
260
|
+
"low_findings_threshold": 50
|
|
261
|
+
},
|
|
262
|
+
"remediation_timeframes": {
|
|
263
|
+
"critical_findings": "4_hours",
|
|
264
|
+
"high_findings": "24_hours",
|
|
265
|
+
"medium_findings": "7_days",
|
|
266
|
+
"low_findings": "30_days"
|
|
267
|
+
}
|
|
268
|
+
},
|
|
269
|
+
"automation_requirements": {
|
|
270
|
+
"security_automation": {
|
|
271
|
+
"auto_remediation_enabled": true,
|
|
272
|
+
"approval_workflows": true,
|
|
273
|
+
"rollback_capabilities": true
|
|
274
|
+
},
|
|
275
|
+
"compliance_automation": {
|
|
276
|
+
"continuous_compliance": true,
|
|
277
|
+
"automated_reporting": true,
|
|
278
|
+
"exception_management": true
|
|
279
|
+
}
|
|
280
|
+
},
|
|
281
|
+
"vendor_security": {
|
|
282
|
+
"third_party_assessments": {
|
|
283
|
+
"security_questionnaires": true,
|
|
284
|
+
"penetration_testing": true,
|
|
285
|
+
"certification_verification": true
|
|
286
|
+
},
|
|
287
|
+
"supply_chain_security": {
|
|
288
|
+
"vendor_risk_assessment": true,
|
|
289
|
+
"contract_security_requirements": true,
|
|
290
|
+
"ongoing_monitoring": true
|
|
291
|
+
}
|
|
292
|
+
}
|
|
293
|
+
}
|