  • Stars: 4,763
  • Rank 8,860 (Top 0.2 %)
  • Language: TypeScript
  • License: Apache License 2.0
  • Created almost 5 years ago
  • Updated 2 months ago


Repository Details

Open Source Cloud Native Application Protection Platform (CNAPP)


Documentation • ReadMe in Chinese • ReadMe in Chinese (Taiwan) • Slack Community • Discord Community

🎉 Announcing ThreatMapper 1.5

ThreatMapper 1.5.0 adds ThreatGraph, a rich visualization that uses runtime context such as network flows to prioritize threat scan results. ThreatGraph enables organizations to narrow down attack path alerts from thousands to a handful of the most meaningful (and threatening). Release 1.4.0 also adds agentless cloud security posture management (CSPM) of cloud assets and agent-based posture management of hosts, evaluating posture against industry-standard compliance benchmarks.

ThreatMapper - Runtime Threat Management and Attack Path Enumeration for Cloud Native

Deepfence ThreatMapper hunts for threats in your production platforms and ranks them by their risk of exploit. It uncovers vulnerable software components, exposed secrets, malware and deviations from good security practice. ThreatMapper uses a combination of agent-based inspection and agentless monitoring to provide the widest possible coverage for detecting threats.

With ThreatMapper's ThreatGraph visualization, you can then identify the issues that present the greatest risk to the security of your applications, and prioritize these for planned protection or remediation.

[Screenshots: Learn the Topology · Identify Threats · Explore the ThreatGraph]

When to use ThreatMapper

ThreatMapper carries on the good 'shift left' security practices that you already employ in your development pipelines. It continues to monitor running applications against emerging software vulnerabilities, and monitors the host and cloud configuration against industry-expert benchmarks.

Use ThreatMapper to provide security observability for your production workloads and infrastructure, across cloud, Kubernetes, serverless (Fargate) and on-prem platforms.

Getting Started with ThreatMapper

[Video: threatmapper-github.mp4]

Planning your Deployment

ThreatMapper consists of two components:

  • The ThreatMapper Management Console is a container-based application that can be deployed on a single Docker host or in a Kubernetes cluster.
  • ThreatMapper monitors running infrastructure using agentless Cloud Scanner tasks and agent-based Sensor Agents.

The Management Console

You deploy the Management Console first, on a suitable docker host or Kubernetes cluster. For example, on Docker:

# Docker installation process for ThreatMapper Management Console
sudo sysctl -w vm.max_map_count=262144 # see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html

wget https://github.com/deepfence/ThreatMapper/raw/release-1.5/deployment-scripts/docker-compose.yml
docker compose up -d

Once the Management Console is up and running, you can register an admin account and obtain an API key.

Cloud Scanner tasks

ThreatMapper Cloud Scanner tasks are responsible for querying the cloud provider APIs to gather configuration and identify deviations from compliance benchmarks.

The task is deployed using a Terraform module. The ThreatMapper Management Console will present a basic configuration that may be deployed with Terraform, or you can refer to the expert configurations to fine-tune the deployment (AWS, Azure, GCP).

Sensor Agents

Install the sensor agents on your production or development platforms. The sensors report to the Management Console; they tell it what services they discover, provide telemetry and generate manifests of software dependencies.

The following production platforms are supported by ThreatMapper sensor agents:

  • Kubernetes: ThreatMapper sensors are deployed as a DaemonSet in the Kubernetes cluster, using a Helm chart.
  • Docker: ThreatMapper sensors are deployed as a lightweight container.
  • Amazon ECS: ThreatMapper sensors are deployed as a daemon service using a task definition.
  • AWS Fargate: ThreatMapper sensors are deployed as a sidecar container, using a task definition.
  • Bare-Metal or Virtual Machines: ThreatMapper sensors are deployed within a lightweight Docker runtime.

For example, run the following command to start the ThreatMapper sensor on a Docker host:

docker run -dit --cpus=".2" --name=deepfence-agent --restart on-failure --pid=host --net=host --privileged=true \
  -v /sys/kernel/debug:/sys/kernel/debug:rw -v /var/log/fenced -v /var/run/docker.sock:/var/run/docker.sock -v /:/fenced/mnt/host/:ro \
  -e MGMT_CONSOLE_URL="---CONSOLE-IP---" -e MGMT_CONSOLE_PORT="443" -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" -e USER_DEFINED_TAGS="" \
  deepfenceio/deepfence_agent_ce:1.5.0

On a Kubernetes platform, the sensors are installed using a Helm chart.
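A pre-flight helper for the deployment steps above, added here as an example and not part of the ThreatMapper project: it checks the vm.max_map_count prerequisite from the Management Console installation step, refuses to render the sensor command while the README's `---CONSOLE-IP---` / `---DEEPFENCE-API-KEY---` placeholders are still in place, validates the console port, and prints the `docker run` line for review instead of executing it. The function names and the demo inputs (a temporary file standing in for the kernel setting, a made-up API key) are constructed; the 262144 threshold, the container flags and the image tag are taken from the commands on this page.

```shell
#!/bin/sh
# Added pre-flight helper for the ThreatMapper deployment steps; not project code.
# Function names are assumptions; threshold, flags and image tag mirror the README.

# Return 0 when the vm.max_map_count value read from file $1 (default: the live
# kernel file) is at least 262144, the value the Console's Elasticsearch needs.
check_max_map_count() {
  f="${1:-/proc/sys/vm/max_map_count}"
  [ -r "$f" ] || return 1
  v=$(cat "$f" 2>/dev/null)
  case "$v" in ''|*[!0-9]*) return 1 ;; esac   # non-numeric or empty: treat as failing
  [ "$v" -ge 262144 ]
}

# True when a value is empty or still the README placeholder of the form ---X---.
is_placeholder() {
  case "$1" in ''|---*---) return 0 ;; *) return 1 ;; esac
}

# Validate console URL, port and API key, then print (do not run) the sensor
# `docker run` line from the README so a human can review it before execution.
render_sensor_cmd() {
  url="$1"; port="$2"; key="$3"; tags="${4:-}"
  if is_placeholder "$url" || is_placeholder "$key"; then
    echo "refusing: MGMT_CONSOLE_URL or DEEPFENCE_KEY still holds a placeholder" >&2
    return 1
  fi
  case "$port" in ''|*[!0-9]*) echo "refusing: port must be numeric" >&2; return 1 ;; esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "refusing: port out of range" >&2
    return 1
  fi
  printf '%s %s %s %s\n' \
    'docker run -dit --cpus=".2" --name=deepfence-agent --restart on-failure --pid=host --net=host --privileged=true' \
    '-v /sys/kernel/debug:/sys/kernel/debug:rw -v /var/log/fenced -v /var/run/docker.sock:/var/run/docker.sock -v /:/fenced/mnt/host/:ro' \
    "-e MGMT_CONSOLE_URL=\"$url\" -e MGMT_CONSOLE_PORT=\"$port\" -e DEEPFENCE_KEY=\"$key\" -e USER_DEFINED_TAGS=\"$tags\"" \
    'deepfenceio/deepfence_agent_ce:1.5.0'
}

# Demo on constructed input; nothing is started and the live kernel file is not read.
demo() {
  t=$(mktemp)
  echo 65530 > "$t"                    # constructed value below the required minimum
  if check_max_map_count "$t"; then
    echo "max_map_count ok"
  else
    echo "max_map_count too low: run the sysctl step from the Console install first"
  fi
  rm -f "$t"
  # Left at the README placeholders: must be rejected.
  render_sensor_cmd "---CONSOLE-IP---" 443 "---DEEPFENCE-API-KEY---" || echo "placeholders rejected (expected)"
  # Constructed, non-placeholder values: the command is printed for review only.
  render_sensor_cmd "10.0.0.5" 443 "constructed-example-key" "env=dev"
}
demo
```

The rendered line runs the sensor with `--privileged=true`, `--pid=host`, the host filesystem and the Docker socket mounted, which is why the helper stops at printing it: that is the point where a reviewer should confirm the console address and key before granting a container that much of the host. Note also that the API key is passed as a container environment variable, so it is readable by anyone who can inspect the container; restrict access to the Docker socket on sensor hosts accordingly.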

Next Steps

Visit the Deepfence ThreatMapper Documentation to learn how to get started and how to use ThreatMapper.

Get in touch

Thank you for using ThreatMapper. Please feel welcome to participate in the ThreatMapper Community.

Security and Support

For any security-related issues in the ThreatMapper project, contact productsecurity at deepfence dot io.

Please file GitHub issues as needed, and join the Deepfence Community Slack channel.

License

The Deepfence ThreatMapper project (this repository) is offered under the Apache 2.0 license.

Contributions to the Deepfence ThreatMapper project are similarly accepted under the Apache 2.0 license, as per GitHub's inbound=outbound policy.

More Repositories

  • SecretScanner (Go, 3,092 stars): 🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
  • PacketStreamer (Go, 1,870 stars): ⭐ ⭐ Distributed tcpdump for cloud native environments ⭐ ⭐
  • YaraHunter (Go, 1,234 stars): 🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍
  • FlowMeter (Go, 1,105 stars): ⭐ ⭐ Use ML to classify flows and packets as benign or malicious. ⭐ ⭐
  • ebpfguard (Rust, 281 stars): Rust library for writing Linux security policies using eBPF
  • community (69 stars): Deepfence Community
  • deepfence_runtime_api (HTML, 50 stars): Deepfence Runtime API & code samples
  • vessel (Go, 45 stars): Vessel is the Go based utility that autodetects underlying Container Runtime in Kubernetes
  • ThreatStryker-docs (42 stars): ThreatStryker Documentation
  • package-scanner (Go, 41 stars)
  • yara-rules (YARA, 38 stars)
  • DocumentationWebsite (JavaScript, 36 stars)
  • terraform-gcp-cloud-scanner (HCL, 35 stars): Deepfence Cloud Scanner runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your Deepfence ThreatMapper or ThreatStryker Management Console
  • terraform-aws-cloud-scanner (HCL, 35 stars): Deepfence Cloud Scanner runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your Deepfence ThreatMapper or ThreatStryker Management Console
  • helm-charts (Smarty, 34 stars)
  • terraform-azure-cloud-scanner (HCL, 33 stars): Deepfence Cloud Scanner runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your Deepfence ThreatMapper or ThreatStryker Management Console
  • CI-CD-Integrations (HCL, 32 stars): CI/CD plugins for image scanning, integrations with AWS ECR, Google Container Registry
  • secretscanner-docker-extension (JavaScript, 25 stars): ⛴️ Docker extension for deepfence/SecretScanner 🔍
  • yarahunter-docker-extension (JavaScript, 24 stars): ⛴️ Docker extension for deepfence/YaraHunter 🔎
  • terraform-aws-threatmapper (HCL, 24 stars): ThreatMapper Terraform module for AWS
  • agent-plugins-grpc (Makefile, 23 stars): Agent plugins' gRPC definitions
  • pcap-tools (C, 22 stars)
  • compliance (Shell, 21 stars): Compliance Scripts Handler
  • apache-struts (Java, 20 stars): This repository contains sample attacks that can be used to exploit vulnerabilities in the Jakarta Multipart Parser of Apache Struts
  • .github (18 stars)
  • sock-app-canary (Shell, 17 stars)
  • golang_deepfence_sdk (Go, 15 stars): Golang deepfence SDK
  • kubernetes-scanner (Go, 14 stars): Kubernetes Security Posture Management
  • cloud-scanner (Go, 4 stars): Deepfence Cloud Scanner runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your Deepfence ThreatMapper or ThreatStryker Management Console.
  • ThreatMapperWorkshop (4 stars): CNAPP Security Workshop using ThreatMapper
  • open-tracer (Rust, 3 stars): Open tracer that uses eBPF kernel features
  • threatmapper-python-client (Python, 3 stars): ThreatMapper python client
  • ebpfguard-blog-example (Rust, 3 stars): Sample of eBPFGuard capabilities for upcoming blogpost.
  • deepfence-playground (Shell, 2 stars): Deepfence's Sandbox on killercoda Platform
  • terraform-provider-deepfence (2 stars): Deepfence Terraform provider
  • CommunityThreatIntel (1 star): Threat Intelligence by and for the community
  • http2viewer (Go, 1 star): HTTP2 message viewer
  • match-scanner (Go, 1 star)