Welcome to the CloudPassage Toolbox!

We've organized the tools into categories you see on the left.
The tools featured here are curated from those produced by CloudPassage as well as
our partners. If you'd like to see your work featured, please reach out to toolbox@cloudpassage.com

For a detailed description of each tool, try holding your cursor over the tool's icon.

Archival Tools

These archival tools focus on exporting and preserving information from your Halo account.

Provides an html-formatted page showing the IP addresses from which Halo Portal users have logged in. Reviewing this report allows you to quickly identify logins from suspcious networks unexpected countries, or at unusual times of day.

Community, supported by CloudPassage

where are they now

This script downloads (in JSON format) all defined file integrity policies and firewall policies in one or more Halo accounts. Running this script allows you to archive a copy of all of your current policies.

Community, unsupported

archive policies

Script to retrieve and store your historical scan data locally

Community, supported by CloudPassage

archive halo scan data

Use Git for storing Halo policy revisions

Community, supported by CloudPassage

halo policy backup

Streams Halo Events to a variety of target systems (SIEM, GRC, etc)

Community, supported by CloudPassage

connector

API Examples

Tools in this section pertain to API integration.
Start here if you're looking to build your own tools using CloudPassage's API.

These ruby and Python scripts include examples of calling the CloudPassage API for basic purposes such as authentication, submitting a GET request to retrieve information, and submitting a PUT request to write information back to Halo.

Community, supported by CloudPassage

api examples

This library contains support routines used by Ruby programs accessing the CloudPassage Halo API.

Community, supported by CloudPassage

wlslib

This script places a GET call to the Halo API, sending the API response to stdout.

Community, supported by CloudPassage

halo get

The program makes Halo API calls to retrieve event and scan data from the Halo Grid and coverts it into XML format

Community, unsupported

halo data in xml format

Python Examples on How to use the CloudPassage SDK library (CPAPI)

Community, supported by CloudPassage

python cpapi examples

Python SDK for CloudPassage Halo API

Community, supported by CloudPassage

cloudpassage halo python sdk

Audit Tools

The tools in this section are designed to make it easier to audit your
CloudPassage-protected workloads

This tool provides one report per Halo group showing where the machines are the same, and where they differ. One of these things is not like the other...

Community, supported by CloudPassage

one of these things

Provides an html-formatted page showing the IP addresses from which Halo Portal users have logged in. Reviewing this report allows you to quickly identify logins from suspcious networks unexpected countries, or at unusual times of day.

Community, supported by CloudPassage

where are they now

Looks at all Halo-secured systems in a single portal account and reports on all server-local accounts whose passwords have not been changed in over M days (where M is specified on the command line).

Community, unsupported

stale passwords

Checks AWS regions and Rackspace for servers that do not have CloudPassage Halo installed. 

Community, supported by CloudPassage

audit servers without halo

Ruby console with a CloudPassage api session going

Community, unsupported

kitchen board

This program uses the Halo API to check for the presence of CVE-2014-0160

Community, unsupported

heartbleed check

Search CloudPassage Halo API for specific CVEs

Community, unsupported

check for cve

Launch a server scan against active servers.

Community, unsupported

scan all servers

Automation Tools

These tools focus on security automation.

This Ruby script adds or removes IP addresses from an IP zone that is used in a Halo firewall policy.

Community, unsupported

modify ip zone

Chef recipes using the CloudPassage Halo API

Community, supported by CloudPassage

cloudpassage chef cookbook

Adds a rule to all your firewall policies

Community, unsupported

addfwrule

These scripts regularly update the /etc/hosts file on each Halo-protected server with both the name and IP address of every other server, so that syslog entries will specify server name as well as IP address.

Community, unsupported

autogen hosts

This library contains support routines used by Ruby programs accessing the CloudPassage Halo API.

Community, supported by CloudPassage

wlslib

Quarantines potentially compromised cloud servers

Community, supported by CloudPassage

quarantine

Convert between AWS Security Groups and Halo Firewall Policies

CloudPassage Partner Integration

transformer

Launch a server scan against active servers.

Community, unsupported

scan all servers

Using CloudPassage Halo to manage application admission

Community, unsupported

halo application membership control

Puppet modules for managing Cloudpassage

Community, unsupported

puppet cloudpassage

Deployment Tools

The tools in this section will make it easier to deploy CloudPassage across your workloads

Chef recipes using the CloudPassage Halo API

Community, supported by CloudPassage

cloudpassage chef cookbook

This program enables VMWare users to install/uninstall the CloudPassage Halo daemon across their VMWare infrastructure.

CloudPassage Partner Integration

vmware integration

Puppet modules for managing Cloudpassage

Community, unsupported

puppet cloudpassage

Integration Tools

These tools are designed to integrate CloudPassage Halo with other systems.

This Ruby script adds or removes IP addresses from an IP zone that is used in a Halo firewall policy.

Community, unsupported

modify ip zone

Looks at all Halo-secured systems in a single portal account and reports on all server-local accounts whose passwords have not been changed in over M days (where M is specified on the command line).

Community, unsupported

stale passwords

Adds a rule to all your firewall policies

Community, unsupported

addfwrule

These scripts regularly update the /etc/hosts file on each Halo-protected server with both the name and IP address of every other server, so that syslog entries will specify server name as well as IP address.

Community, unsupported

autogen hosts

This library contains support routines used by Ruby programs accessing the CloudPassage Halo API.

Community, supported by CloudPassage

wlslib

Convert between AWS Security Groups and Halo Firewall Policies

CloudPassage Partner Integration

transformer

The program makes Halo API calls to retrieve event and scan data from the Halo Grid and coverts it into XML format

Community, unsupported

halo data in xml format

Using CloudPassage Halo to manage application admission

Community, unsupported

halo application membership control

Python SDK for CloudPassage Halo API

Community, supported by CloudPassage

cloudpassage halo python sdk

Streams Halo Events to a variety of target systems (SIEM, GRC, etc)

Community, supported by CloudPassage

connector

Policies

This is a collection of policies for CloudPassage Halo.

Cloudpassage Halo policy for detecting Bitcoin miners CPUMiner and CUDAMiner

Community, unsupported

cloudpassage halo policy bitcoin miner

CloudPassage Halo policy for detecting vulnerability to CVE-2014-3566 (AKA POODLE)

Community, unsupported

mangy beast