
Security Monkey: Monitors AWS and GCP accounts for policy changes - vinnyglennon
https://github.com/Netflix/security_monkey
======
kapilvt
Another open source tool in this space that also supports writing your own
rules, Lambda/event-based execution, Config rules, GuardDuty support and wide
coverage is
[https://github.com/capitalone/cloud-custodian](https://github.com/capitalone/cloud-custodian)

~~~
sitkack
See also,
[https://github.com/GoogleCloudPlatform/forseti-security](https://github.com/GoogleCloudPlatform/forseti-security)

------
dfl__
Is it possible to add custom rules to Security Monkey? Is there a how-to for
this?

~~~
mikegrima
You can create custom alerters:
[https://github.com/Netflix/security_monkey/blob/develop/docs...](https://github.com/Netflix/security_monkey/blob/develop/docs/misc.md#custom-alerters).
This allows you to have custom logic for items in your environment.

------
mancerayder
Sounds cool, but can't some combo of CloudWatch and CloudTrail do this?

~~~
mikegrima
Hello there! I work at Netflix and am one of the primary contributors to
Security Monkey.

You can absolutely use CloudWatch and CloudTrail for this. This is actually
our long-term plan with
[https://github.com/Netflix-Skunkworks/historical](https://github.com/Netflix-Skunkworks/historical).
We intend to effectively move all watching logic to Historical so it's all
event-driven vs. polling.

Hopefully we'll have integration sometime next quarter.

