Welcome to the CloudPassage Toolbox!

We've organized the tools into categories you see on the left.
The tools featured here are curated from those produced by CloudPassage as well as
our partners. If you'd like to see your work featured, please reach out to support@cloudpassage.com.

Archival Tools

These archival tools focus on exporting and preserving information from your Halo account.

Provides an HTML-formatted page showing the IP addresses from which Halo Portal users have logged in. Reviewing this report allows you to quickly identify logins from suspicious networks, unexpected countries, or at unusual times of day.

Community, unsupported

where are they now

This script downloads (in JSON format) all defined file integrity policies and firewall policies in one or more Halo accounts. Running this script allows you to archive a copy of all of your current policies.

Community, unsupported

archive policies

Script to retrieve and store your historical scan data locally

Community, unsupported

archive halo scan data

Use Git for storing Halo policy revisions

Community, unsupported

halo policy backup

Streams Halo Events to a variety of target systems (SIEM, GRC, etc)

Community, supported by CloudPassage

connector

Python Latest Scan Issues

Community, supported by CloudPassage

python latest scan issues

Archive Halo events to local disk or S3

Community, supported by CloudPassage

halo events archiver

Downloads scans from Halo API.  Optionally, uploads those scans to S3.

Community, supported by CloudPassage

halo scans archiver

API Examples

Tools in this section pertain to API integration.
Start here if you're looking to build your own tools using CloudPassage's API.

These Ruby and Python scripts include examples of calling the CloudPassage API for basic purposes such as authentication, submitting a GET request to retrieve information, and submitting a PUT request to write information back to Halo.

Community, supported by CloudPassage

api examples

This library contains support routines used by Ruby programs accessing the CloudPassage Halo API.

Community, supported by CloudPassage

wlslib

This script places a GET call to the Halo API, sending the API response to stdout.

Community, supported by CloudPassage

halo get

The program makes Halo API calls to retrieve event and scan data from the Halo Grid and converts it into XML format.

Community, unsupported

halo data in xml format

Python Examples on How to use the CloudPassage SDK library (CPAPI)

Community, supported by CloudPassage

python cpapi examples

Python SDK for CloudPassage Halo API

Community, supported by CloudPassage

cloudpassage halo python sdk

Identifies policies using APA and cleans up legacy policies

Community, supported by CloudPassage

apa cleanup

Audit Tools

The tools in this section are designed to make it easier to audit your
CloudPassage-protected workloads.

This tool provides one report per Halo group showing where the machines are the same, and where they differ. One of these things is not like the other...

Community, supported by CloudPassage

one of these things

Provides an HTML-formatted page showing the IP addresses from which Halo Portal users have logged in. Reviewing this report allows you to quickly identify logins from suspicious networks, unexpected countries, or at unusual times of day.

Community, unsupported

where are they now

Looks at all Halo-secured systems in a single portal account and reports on all server-local accounts whose passwords have not been changed in over M days (where M is specified on the command line).

Community, unsupported

stale passwords

Checks AWS regions and Rackspace for servers that do not have CloudPassage Halo installed. 

Community, supported by CloudPassage

audit servers without halo

Ruby console with a CloudPassage api session going

Community, unsupported

kitchen board

This program uses the Halo API to check for the presence of CVE-2014-0160

Community, unsupported

heartbleed check

Search CloudPassage Halo API for specific CVEs

Community, unsupported

check for cve

Report on all EC2 instances, across all of your AWS accounts, where the CloudPassage Halo agent is not installed.

Community, supported by CloudPassage

ec2 halo delta

Automation Tools

This is our collection of automation tools.

This Ruby script adds or removes IP addresses from an IP zone that is used in a Halo firewall policy.

Community, unsupported

modify ip zone

Chef cookbook for installing the CloudPassage Halo agent

Community, supported by CloudPassage

cloudpassage chef cookbook

These scripts regularly update the /etc/hosts file on each Halo-protected server with both the name and IP address of every other server, so that syslog entries will specify server name as well as IP address.

Community, unsupported

autogen hosts

This library contains support routines used by Ruby programs accessing the CloudPassage Halo API.

Community, supported by CloudPassage

wlslib

Quarantines potentially compromised cloud servers

Community, supported by CloudPassage

quarantine

Convert between AWS Security Groups and Halo Firewall Policies

CloudPassage Partner Integration

transformer

Using CloudPassage Halo to manage application admission

Community, unsupported

halo application membership control

Puppet modules for managing CloudPassage

Community, unsupported

puppet cloudpassage

Don-Bot, the Halo Slackbot

Community, supported by CloudPassage

don bot

Archive Halo events to local disk or S3

Community, supported by CloudPassage

halo events archiver

Downloads scans from Halo API.  Optionally, uploads those scans to S3.

Community, supported by CloudPassage

halo scans archiver

Celery app for Halo

Community, supported by CloudPassage

halocelery

Security ecosystem integrations for CloudPassage Halo

Community, supported by CloudPassage

cortex

This project will scan all the images in registries monitored by Halo and return a non-zero status if there are any critical vulnerabilities.

Community, supported by CloudPassage

vulnerable image check

Use CloudFormation to instantiate halo-registered test workloads.

Community, supported by CloudPassage

halo test environment

Provision CSP accounts in CloudPassage Halo CloudSecure.

Community, supported by CloudPassage

provision csp accounts

Synchronize Halo issues with Jira issues throughout the issue lifecycle.

Community, supported by CloudPassage

jira halo issues sync

Identifies policies using APA and cleans up legacy policies

Community, supported by CloudPassage

apa cleanup

Deployment Tools

The tools in this section are designed to make it easier to audit your
CloudPassage-protected workloads.

Chef cookbook for installing the CloudPassage Halo agent

Community, supported by CloudPassage

cloudpassage chef cookbook

This program enables VMware users to install/uninstall the CloudPassage Halo daemon across their VMware infrastructure.

CloudPassage Partner Integration

vmware integration

Puppet modules for managing CloudPassage

Community, unsupported

puppet cloudpassage

Deploy Halo via AWS Beanstalk

Community, supported by CloudPassage

aws beanstalk

Ansible Halo

Community, supported by CloudPassage

ansible halo

CloudPassage Bosh

Community, supported by CloudPassage

cloudpassage bosh

Get last module scan results from Halo, exit code based on critical/non-critical issue count.

Community, supported by CloudPassage

server ci helper

Sample Jenkins pipeline configs for scanning AMIs and Docker images with CloudPassage Halo and Jenkins

Community, supported by CloudPassage

jenkins pipeline samples

Integration Tools

These tools are designed to integrate CloudPassage Halo with other systems.

This Ruby script adds or removes IP addresses from an IP zone that is used in a Halo firewall policy.

Community, unsupported

modify ip zone

Looks at all Halo-secured systems in a single portal account and reports on all server-local accounts whose passwords have not been changed in over M days (where M is specified on the command line).

Community, unsupported

stale passwords

These scripts regularly update the /etc/hosts file on each Halo-protected server with both the name and IP address of every other server, so that syslog entries will specify server name as well as IP address.

Community, unsupported

autogen hosts

This library contains support routines used by Ruby programs accessing the CloudPassage Halo API.

Community, supported by CloudPassage

wlslib

Convert between AWS Security Groups and Halo Firewall Policies

CloudPassage Partner Integration

transformer

The program makes Halo API calls to retrieve event and scan data from the Halo Grid and converts it into XML format.

Community, unsupported

halo data in xml format

Using CloudPassage Halo to manage application admission

Community, unsupported

halo application membership control

Python SDK for CloudPassage Halo API

Community, supported by CloudPassage

cloudpassage halo python sdk

Streams Halo Events to a variety of target systems (SIEM, GRC, etc)

Community, supported by CloudPassage

connector

Don-Bot, the Halo Slackbot

Community, supported by CloudPassage

don bot

CloudPassage Splunk

Community, supported by CloudPassage

cloudpassage splunk

Security ecosystem integrations for CloudPassage Halo

Community, supported by CloudPassage

cortex

Use CloudFormation to instantiate halo-registered test workloads.

Community, supported by CloudPassage

halo test environment

Synchronize Halo issues with Jira issues throughout the issue lifecycle.

Community, supported by CloudPassage

jira halo issues sync

The purpose of

halo sumologic

Get last module scan results from Halo, exit code based on critical/non-critical issue count.

Community, supported by CloudPassage

server ci helper

Sample Jenkins pipeline configs for scanning AMIs and Docker images with CloudPassage Halo and Jenkins

Community, supported by CloudPassage

jenkins pipeline samples

Policies

This is a collection of policies for CloudPassage Halo.

CloudPassage Halo policy for detecting Bitcoin miners CPUMiner and CUDAMiner

Community, unsupported

cloudpassage halo policy bitcoin miner

CloudPassage Halo policy for detecting vulnerability to CVE-2014-3566 (AKA POODLE)

Community, unsupported

mangy beast