Security Monkey

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.

Multi-Cloud, Open Source, Self Hosted Only
Category: Security Monitoring & Logging
Community Stars: 4352
Last Commit: 3 years ago
Last page update: 19 days ago
Pricing Details: Free and open source
Target Audience: Security professionals and cloud administrators.

Security Monkey monitors and manages security configurations across multiple cloud platforms, including AWS, GCP, and OpenStack, as well as GitHub organizations. It tracks changes in assets and configurations over time and provides a single UI for browsing and searching through all accounts, regions, and cloud services.

Security Monkey has a modular architecture built from watchers, auditors, and alerters. Watchers monitor specific cloud services and assets, auditors check those assets against predefined security policies, and alerters notify administrators of insecure configurations or changes. The tool uses role assumption where available to access accounts and scan for security issues. It also integrates with cloud-native services like AWS CloudTrail and GCP Stackdriver Logging to trigger event-driven actions, such as Lambda functions on AWS and Cloud Functions on GCP.

Operationally, Security Monkey requires a Postgres database and can run on various cloud instances, including AWS EC2, GCP instances, or OpenStack. Setup involves configuring IAM permissions, setting up logging folders, and installing the necessary dependencies. Administrators can extend the tool with new watchers, auditors, and alerters to tailor it to their specific security needs. Security Monkey is currently in maintenance mode: Netflix recommends AWS Config for AWS users and Cloud Asset Inventory for GCP users.

Security Monkey's performance can be influenced by the polling intervals set by administrators, which can be adjusted from the web UI. The tool also supports various notification methods, including custom alerters that can send events to platforms like Splunk. Despite its robust features, Security Monkey's development and support are being phased out, which may impact its long-term viability and the availability of new features.
