Garrison
Garrison is a security service for consolidating alerts from many other systems down to a single web dashboard.
This project is in active development, we aim to always keep it functional, however we may break things from time to time. If you spot a problem, please raise a GitHub issue.
Preface
Garrison is made up of two parts...
- Dashboard
- Agents
Web interface
A Ruby on Rails web app, which utilizes a PostgreSQL database for alert storage.
Agents
These populate the alerts you see in the dashboard, they are primarily lightweight docker containers. They are responsible for sending data to the web API which populates the interface.
There are some pre-built agents, but you can create your own agents very easily if you need to.
Installation
We provide pre-build Docker containers for all parts of the service which are available on Docker Hub.
- Dashboard - https://hub.docker.com/r/forward3d/garrison/
- Agents - See individual agent documentation
Configuration
Dashboard
TODO
Agents
There are some global configuration options for agents, these are provided to the agent containers via environmental variables. Some agents may have additional configuration options, however these will be documented with the individual agent.
Each agent must be registered before you use them as they need an Agent UUID. You can get this by POST
ing to the API...
curl -d '{"agent": {"source": "aws-rds", "check": "check_engine_version"}}' -H "Content-Type: application/json" -X POST https://garrison.internal.acme.com/api/v1/agents
This is done so that alerts can be traced back to a single run of an agent, all the way down to the specific check type.
Global Configuration Options (Mandatory)
Environmental Variable | Description |
---|---|
GARRISON_URL |
URL to the Garrison web interface eg. https://garrison.internal.acme.com
|
GARRISON_AGENT_UUID |
The UUID that was previously registered with the API |
Global Configuration Options (Optional)
All optional variables will contain a sane default by the individual check itself, these options are provided for if you want to override that default.
Environmental Variable | Description |
---|---|
GARRISON_ALERT_SOURCE |
Source slug eg. aws-rds , cve-detail
|
GARRISON_ALERT_SEVERITY |
Severity slug eg. critical , high , medium , low , info [1] |
GARRISON_ALERT_FAMILY |
Family slug eg. attack , infrastructure , software , networking [1] |
GARRISON_ALERT_TYPE |
Type slug eg. security , compliance , informational [1] |
GARRISON_ALERT_DEPARTMENTS |
Comma Separated list of Department slugs eg. it,development [2] |
GARRISON_AUTO_OBSOLETE |
Setting this to anything will automatically mark Alerts generated by previous runs by this agent as obsolete
|
- Or any other custom ones you have created within Garrison.
- Departments must already exist.
Available Agents
This is just a list of the official agents, you might find more with the GitHub Tag garrison-agent