Steps to identify the EC2 instance AWS account information

Posted on August 22, 2018 by

We have lot of accounts for each application in AWS  and few we will have rights and others restricted . Few cases like we have access to the SSH of the EC2 instance but not aware of  which AWS account the instance belongs.

Easy way to identify the account details , follow the below steps.

  1. curl http://169.254.169.254/latest/meta-data/mac

We will get the MAC output( example ) 1a:2b:3c:4d:5:6f 

2. http://169.254.169.254/latest/meta-data/network/interfaces/macs/‘mac’/owner-id

http://169.254.169.254/latest/metadata/network/interfaces/macs/1a:2b:3c:4d:5:6f /owner-id

We will get the corresponding AWS account number as the output.

Advertisements
Posted in AWS | Tagged , | Leave a comment

July MS patch issue and fix

Posted on July 30, 2018 by

We were encountered  few issue after the July month Microsoft patch KB4338814\KB4338815. After applying the patch users have reported about the DHCP issue and SQL fail-over cluster issue.On few servers we were not able to open the DHCP \ MS Fail-over console also and it has been fixed once we un-installed the above mentioned patches.

Microsoft has released new patches to address the same.

Follow the below MS Links to understand the issue and to fix it.

https://blogs.msdn.microsoft.com/psssql/2018/07/26/july-10-2018-windows-updates-cause-sql-startup-issues-due-to-tcp-port-is-already-in-use-errors/

https://support.microsoft.com/en-us/help/4338814/windows-10-update-kb4338814

https://support.microsoft.com/en-us/help/4345418/windows-10-update-kb4345418

If you are getting “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors then it is because of the problematic .NET July security patches and below link will help to fix the same.

https://support.microsoft.com/en-us/help/4345913/access-denied-errors-after-installing-july-2018-security-rollup-update.

Posted in Windows | Tagged , , , , | Leave a comment

Bug in some vSAN code that Logic Monitoring is polling

Posted on June 30, 2018 by

As per the below link  if we are using the Logic Monitoring for VSphere environment, It looks like due to a change in the server-side API behavior of VMware 6.5, could trigger host instability, or possibly a crash of an ESXi 6.5 host.

https://communities.logicmonitor.com/topic/1945-fyi-lm-can-trigger-esxi-65-hostd-to-crash/?tab=comments#comment-4839

 

To ensure the stability of your VMware environment, we highly recommend upgrading to version 2 of VMware_vSphere_HostPerformance from the repository. You alternatively use this locator: 99EKKN

Please note that this version is not backwards compatible with the version 1 series, so history will be lost upon upgrade. You can avoid this by renaming and then disabling the current version of the DataSource in your account before upgrading. This will ensure you don’t lose the historical data from version 1. If you’re unsure, please reach out to Support and they can help walk you through upgrading.

Posted in ESXi issue, VCSA6.5, VMware | Tagged , | Leave a comment

Adding the AWS Account in to the Trend DSM – Part 2

Posted on May 31, 2018 by

Add your AWS account to Deep Security. This imports all your Amazon EC2 instances into Deep Security Manager. Your EC2 instances appear on the left under Computers > your_AWS_account > your_region > your_VPC > your_subnet.

From there, you can manage them like any other computer.

If you previously added Amazon EC2 instances as individual computers, and they are part of your AWS account, after importing the account.

There are several ways to add AWS accounts to Deep Security Manager:

  • Add your AWS account using the quick setup option. This is the easiest way to add an account because it uses an AWS CloudFormation template to automate the setup. You can run through the quick setup several times to add multiple AWS accounts. The quick setup is the automated way of adding your account using a cross account role, which is described next.
    This method is available with this deployment method:

Deep Security as a Service

This AWS CloudFormation stack creates access privileges that will allow the Trend Micro Deep Security service (https://app.deepsecurity.trendmicro.com/) to monitor your AWS instances. The stack will automatically update your Trend Micro Deep Security account with your AWS account information. You can delete this stack after it completes and the Deep Security service will keep working. To revoke access, go to the Identity and Account Management console and delete the role named ‘DeepSecurity’ .**WARNING** This template creates an Amazon EC2 instance that runs for a very short period and then terminates itself. You will be billed for the very small amount of AWS resources used if you create a stack from this template.

 

Add your AWS account using the quick setup option

Applies to Deep Security as a Service only.

  1. In the Deep Security Manager, go to the Computers page and click Add > Add AWS Account.

Select Quick

Screen Shot 2018-05-31 at 11.03.09 PM

Click Next.

A page appears that describes what happens during the setup process with a URL. The URL is valid for one hour.

Screen Shot 2018-05-31 at 11.05.27 PM

Click Next.

If you have not already signed into your AWS account you are prompted to do so.

Click Next on the Select Template page to accept the defaults.

Screen Shot 2018-05-31 at 11.06.30 PM

If your organization uses tags, you can add them on the Options page.

Screen Shot 2018-05-31 at 11.07.53 PM.png

Screen Shot 2018-05-31 at 11.08.50 PM.png

Click Next.

On the Review page, select the check box next to I acknowledge that this template might cause AWS CloudFormation to create IAM resources.

 

Screen Shot 2018-05-31 at 11.10.00 PM.png

Screen Shot 2018-05-31 at 11.10.40 PM

Click Create.

When AWS CloudFormation finishes setting up a cross account role, the Deep Security Manager wizard displays a success message. You can close the screen before the success message is displayed. The account is added to Deep Security immediately after the cross account role is set up.

Screen Shot 2018-05-31 at 11.12.21 PM.png

 

Screen Shot 2018-05-31 at 11.14.32 PM.png

Screen Shot 2018-05-31 at 11.15.31 PM_censored (1)

Posted in AWS, Trend Micro Deep Security | Tagged , , , | Leave a comment

Trend Deep security Protection on AWS – Part 1

Posted on April 30, 2018 by

Enable agility with security built for Amazon EC2. Trend Micro’s instance-based  protection, deep API integration and AWS CloudFormation templates help you automate security and accelerate compliance. Together Trend Micro and AWS deliver proactive cloud security that Security trusts and DevOps likes. With AWS Marketplaceas a service or software deployment options and pay-as-you-go pricing options, you can seamlessly integrate security into your environment, whether you’re all in the cloud or still supporting hybrid infrastructures.

Same like old blog series on Trend DSM , we can see the new blog series on the below topics to enable the EC2 instance with Trend DSM as a service.

  1. Login setup
  2. Adding the AWS Account in to the Trend DSM
  3. How to use deployment scripts to add and protect computers
  4. Activating the Trend Agent
  5. Bake the agent into your AMI

 

  1. Login setup

Login to the below link and create the free account for the testing.

https://www.trendmicro.com/aws/free-trial/

Create the own account and login , We can see the Trend Deep security Manager dashboard.

Posted in AWS, Trend Deep Security Manager - ( DSM ), Trend Micro Deep Security | Tagged , , , , | Leave a comment

Trend Deep Security – Customizing the alert configuration.

Posted on March 28, 2018 by

In Trend DSM, if we want to send the alert email notification , we have to go to settings – alert and select what type of notification we want to receive but by default all the alerts are enabled and to disable we need to open each alert and select it manually.

It will take time to open and modify each alert and easy way to fix the same is to open the SQL database and run the below query .

———————
select * from alerttypes
———————
The 3 columns “NotifyStart”, “NotifyEnd”, and “NotifyChange” if the value is set to 1, it means it will generate an email alert for that alert type.   We can use the following sql queries to turn off all these settings.
—————————————-
update alerttypes set NotifyStart = ‘0’
update alerttypes set NotifyEnd = ‘0’
update alerttypes set NotifyChange = ‘0’
—————————————-

Once the alert configurations are turned off, you will need to enable the alert you want to receive notification manually from the Deep Security Web Console, this action helps you turn off all of the settings instead of having to go through them one at a time.

Posted in Trend Micro Deep Security, Trend Micro Deep Security 9.5 Events and Monitoring | Tagged , , | Leave a comment

Trend Deep Security agentless windows 2016 protection

Posted on February 28, 2018 by

Even-though the 9.6 Service pack 1 was supporting the agentless protection which was tested in our lab, it was not officially supported by Trend and from the latest version Deep Security 9.1 Update Release (9.6 ServicePack 1 Patch1 Update 15) it started supporting now.

As per the Trend support team the EPSECLib 6.3.3 packaged into the RedHat agent version that goes into the DSVA to properly support Windows 2016 servers.

Also another issue which got fixed by this patch is when doing vMotion of many simultaneous VMs, some of the VMs may appear as Anti-Malware Engine Offline after it moves to the new host. This occurred because the DSM checked the status of the VMs during heartbeat before the vMotion is finished. It looks like from this patch it will do another check status or waiting for the next heartbeat will fix the status.

 

Posted in Trend Deep Security Manager - ( DSM ), Trend Micro Deep Security, Trend Micro Deep Security 9.5 ( Deep Security Agent ), Trend Micro Deep Security 9.5 ( VDI Environment-Agentless Protection ), Windows | Tagged , , , | Leave a comment