SygniaLabs/Cirrus
Cirrus - Google Cloud Forensic Collection

Overview

Cirrus is a command-line tool written in Python that automates environment access and evidence collection across Google Cloud. It is designed to support incident response and threat hunting operations. Sygnia created Cirrus and an associated blog series (Foundations & Forensic Artifacts) to help close gaps in incident response for Google Cloud.

Capabilities

Cirrus is composed of two scripts:

  1. Assistant: automate Google Cloud access setup and cleanup
  2. Collector: collect log, configuration, and user data

The Assistant script automates the access prerequisites in a Google Cloud environment in preparation for evidence collection by the Collector. The Assistant is built for execution in Google Cloud Shell, while the Collector can be executed from any terminal. The Collector authenticates to the Google Cloud environment with a service account key file, which is either generated by the Assistant or created manually. Treat that key file as a privileged, long-lived credential: keep it on the collection host only, restrict its file permissions, and remove the key (and the service account, once collection is complete) as part of cleanup.
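Before pointing a collector at a tenant, it is worth checking the key file it will authenticate with. The following Python is an added example, not code from the Cirrus project: it validates the structure of a service-account JSON key file (the field names are those Google Cloud writes into downloaded key files) and flags a file that other users on the host can read. The sample key it constructs holds placeholder values only; the project name, account name and `write_key_file`/`validate_key_file` helpers are assumptions made for this example.

```python
"""Pre-flight checks on a Google Cloud service-account key file.

Added example; this is not code from the Cirrus project. It validates the
JSON key file a Collector-style tool would authenticate with, before any
API call is made. The key returned by constructed_sample_key() is
constructed for this example and contains no real key material.
"""
from __future__ import annotations

import json
import os
import stat

# Fields present in every downloaded service-account key file.
REQUIRED_FIELDS = (
    "type", "project_id", "private_key_id", "private_key",
    "client_email", "client_id", "token_uri",
)
PEM_HEADER = "-----BEGIN PRIVATE KEY-----"
PEM_FOOTER = "-----END PRIVATE KEY-----"


def validate_key_dict(key: dict) -> list[str]:
    """Return the problems found in a parsed key file (empty if it looks usable)."""
    problems = []
    for field in REQUIRED_FIELDS:
        if not key.get(field):
            problems.append(f"missing field: {field}")
    if key.get("type") != "service_account":
        problems.append(f"unexpected type {key.get('type')!r}; expected 'service_account'")
    pk = key.get("private_key")
    if not (isinstance(pk, str) and pk.startswith(PEM_HEADER) and pk.rstrip().endswith(PEM_FOOTER)):
        problems.append("private_key is not a PEM-framed PKCS#8 block")
    email = key.get("client_email") or ""
    project = key.get("project_id") or ""
    # User-managed service accounts (the kind an access-setup script creates)
    # are addressed as <name>@<project_id>.iam.gserviceaccount.com.
    if email and project and not email.endswith(f"@{project}.iam.gserviceaccount.com"):
        problems.append(f"client_email {email!r} is not a user-managed account in project {project!r}")
    return problems


def validate_key_file(path: str) -> list[str]:
    """Validate the file on disk: permissions first, then contents."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"key file mode {oct(mode)} is readable by group/others; chmod 600 it")
    with open(path, encoding="utf-8") as fh:
        try:
            key = json.load(fh)
        except json.JSONDecodeError as exc:
            return problems + [f"not valid JSON: {exc}"]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    return problems + validate_key_dict(key)


def constructed_sample_key() -> dict:
    """A constructed key file body with placeholder values (not a real key)."""
    return {
        "type": "service_account",
        "project_id": "example-ir-project",
        "private_key_id": "0123456789abcdef0123456789abcdef01234567",
        "private_key": f"{PEM_HEADER}\nPLACEHOLDER-NOT-A-REAL-KEY\n{PEM_FOOTER}\n",
        "client_email": "cirrus-collector@example-ir-project.iam.gserviceaccount.com",
        "client_id": "123456789012345678901",
        "token_uri": "https://oauth2.googleapis.com/token",
    }


def write_key_file(path: str, key: dict) -> None:
    """Write a key file created owner-only (0600) so it never sits world-readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(key, fh)
    os.chmod(path, 0o600)  # enforce regardless of the process umask


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "collector-key.json")
        write_key_file(path, constructed_sample_key())
        print(validate_key_file(path) or "key file looks usable")
        os.chmod(path, 0o644)  # simulate a carelessly copied key
        print(validate_key_file(path))
```

Run the checks once after the Assistant (or a manual `gcloud iam service-accounts keys create`) produces the key and before the first collection run; an empty list means the file is structurally sound and protected on disk, not that the account has the IAM roles the Collector needs.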

Assistant

To prepare a Google Cloud environment for evidence collection, reference Assistant documentation.

Collector

To collect evidence from Google Cloud, reference Collector documentation.

Authors & Contributors

Authors

  • Itay Angi (@NG-Syg)
  • Wesley Guerra (@wrguerra)

Contributors

  • @yogevyuval - Provided code review.
  • @yuvalmarciano - Provided code review.
