Inspiration

It's Friday afternoon and everybody is ready to start their weekend when the worst-case scenario for the cyber security department happens: a potential incident report comes in. Now the weekend is full of urgent questions: Is the company affected? How many systems are affected? What is the estimated severity of the incident? What should be done next? What do we tell the press? What can we do to prevent similar incidents in the future?

What it does

PrismX gives a smooth answer to most of the questions above. Starting from the reported Docker image and its affected versions, we back-track through the graph to the assets that run those versions. From those assets and the weaknesses possibly associated with the incident we compute an estimated EPSS score for the Docker incident. We also compare it with past incidents and provide an overview of the affected assets, together with an automatically generated roadmap of measures to take to tackle the incident.
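The back-tracking described above, as an added example that is not PrismX's own code: a constructed in-memory stand-in for the asset graph (the schema `(Asset)-[:RUNS]->(Image)-[:HAS_WEAKNESS]->(Weakness)`, the image names, the weakness ids and all scores are assumptions, not data from the project), the version-range filter that decides which running tags fall inside the incident, a roll-up of the per-weakness EPSS values into one incident estimate, and a mechanically derived roadmap. The equivalent Cypher traversal is sketched in a comment.

```python
from math import prod

# Constructed sample graph (not PrismX's real data). Assumed schema:
#   (Asset)-[:RUNS]->(Image {name, version})-[:HAS_WEAKNESS]->(Weakness {id, epss, cvss})
# Under that schema the Cypher traversal would be roughly:
#   MATCH (a:Asset)-[:RUNS]->(i:Image {name: $image})-[:HAS_WEAKNESS]->(w:Weakness)
#   RETURN a.name, i.version, collect(w)
# with the version-range check applied in code, because Docker tags such as
# "1.24.0" and "1.9.0" do not order correctly when compared as strings.

RUNS = {  # asset -> images it runs as (name, tag); constructed
    "web-frontend-01": [("example/nginx", "1.24.0"), ("example/api", "2.3.1")],
    "api-gateway-02": [("example/api", "2.3.5")],
    "batch-worker-03": [("example/api", "2.4.0")],
    "log-shipper-04": [("example/fluentd", "1.16.2")],
}

WEAKNESSES = {  # image -> weaknesses linked to it; ids and scores are made up
    "example/api": [
        {"id": "EXAMPLE-CVE-A", "epss": 0.40, "cvss": 9.8},
        {"id": "EXAMPLE-CVE-B", "epss": 0.05, "cvss": 6.5},
    ],
    "example/nginx": [{"id": "EXAMPLE-CVE-C", "epss": 0.01, "cvss": 5.3}],
}

# Constructed incident report: image, first affected tag, first fixed tag.
INCIDENT = {"image": "example/api", "affected_from": "2.3.0", "fixed_in": "2.4.0"}


def parse_version(tag: str) -> tuple:
    """'2.3.10' -> (2, 3, 10): numeric tuples order 2.3.10 after 2.3.9, strings do not."""
    return tuple(int(p) for p in tag.split("."))


def is_affected(tag: str, affected_from: str, fixed_in: str) -> bool:
    """True when affected_from <= tag < fixed_in (the fixed tag itself is patched)."""
    return parse_version(affected_from) <= parse_version(tag) < parse_version(fixed_in)


def affected_assets(incident: dict, runs: dict = RUNS) -> dict:
    """Back-track from the incident's image to every asset running an affected tag."""
    hits = {}
    for asset, images in runs.items():
        for name, tag in images:
            if name == incident["image"] and is_affected(
                tag, incident["affected_from"], incident["fixed_in"]
            ):
                hits[asset] = tag
    return dict(sorted(hits.items()))


def combined_epss(weaknesses: list) -> float:
    """Probability that at least one linked weakness gets exploited, assuming independence.
    EPSS is published per CVE; this roll-up is our simplification, not an EPSS-published value."""
    return 1 - prod(1 - w["epss"] for w in weaknesses)


def roadmap(incident: dict, assets: dict) -> list:
    """Ordered measures derived mechanically from the graph result."""
    if not assets:
        return ["No asset runs an affected version; record the incident and close."]
    return [
        f"Isolate or monitor {len(assets)} affected asset(s): {', '.join(assets)}",
        f"Upgrade {incident['image']} to {incident['fixed_in']} or later on those assets",
        "Re-run this query after rollout to confirm zero affected assets",
    ]


def assess(incident: dict, runs: dict = RUNS, weaknesses: dict = WEAKNESSES) -> dict:
    """Everything the dashboard needs for one incident, in one call."""
    assets = affected_assets(incident, runs)
    linked = weaknesses.get(incident["image"], [])
    return {
        "affected_assets": assets,
        "weaknesses": [w["id"] for w in linked],
        "estimated_epss": round(combined_epss(linked), 4),
        "max_cvss": max((w["cvss"] for w in linked), default=0.0),
        "roadmap": roadmap(incident, assets),
    }


if __name__ == "__main__":
    for key, value in assess(INCIDENT).items():
        print(f"{key}: {value}")
```

Two points worth keeping in mind when reading the result: `batch-worker-03` runs the fixed tag `2.4.0` and is correctly left out, which only works because tags are compared as numeric tuples; and the combined EPSS treats the linked weaknesses as independent, so it is an upper-bound style estimate for prioritisation, not a replacement for the per-CVE EPSS values themselves.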

How we built it

Our solution runs fully on AWS and is based on Lambda functions, a MySQL database, and visualization on self-hosted Grafana. The given Neo4j graph is queried using Cypher. In our GitHub repo you can find our Lambda function in Java and a Markdown file describing some of the Neo4j Cypher queries we used. A live view of our dynamic Grafana dashboard is linked from the submission.

Challenges we ran into

AWS (enough said). After hours of troubleshooting and a complete reinitialization, everything eventually worked out :)

Accomplishments that we're proud of

We built a fully working cloud infrastructure on AWS and a useful Grafana dashboard that gives a good overview of the incident, even for non-specialists. We also managed to track down the reported Docker incident in the graph and identify all affected assets and their potentially associated weaknesses.

What we learned

All of us worked with technology we hadn't used before: AWS, Lambda functions, Neo4j graph databases, or cybersecurity as a whole.

What's next for PrismX

Broader integration, especially a connection to Siemens-internal infrastructure, as well as enriching the existing database with external sources such as NIST's NVD.
