Merge branch 'feat/adding_security_incident_share' into 'master'

Feat/adding security incident share See merge request !6

Merge branch 'feat/adding_security_incident_share' into 'master'
Feat/adding security incident share See merge request !6
b0c3e169 · Jan Kryštof · 4ae1d6f6 · e19e4299 · b0c3e169 · b0c3e169
Commit b0c3e169 authored 1 year ago by Jan Kryštof
--- a/clouds/g1/brno/security_incidents/README.md
+++ b/clouds/g1/brno/security_incidents/README.md
@@ -3,7 +3,7 @@ This document describes details of process when CyberSecurity incidents is detec

 ## Workflow

-![metacentrum_cloud_incidents.drawio.png](images/metacentrum_cloud_incidents.drawio.png)
+![metacentrum_cloud_incidents.drawio.png](pictures/metacentrum_cloud_incidents.drawio.png)


 The MetaCentrum Security team detects suspicious VM and creates ticket in the RT instance `rt.cesnet.cz`, queue `cloud` and specifies actions to be taken by the MetaCentrum Cloud team including
@@ -13,7 +13,7 @@ The MetaCentrum Security team detects suspicious VM and creates ticket in the RT

 MetaCentrum Security handles communication with the user - owner of the Openstack project where the VM originates from. 

-Cloud team transfers the VM snapshot into Openstack project `meta-cloud-metac_sec-cerit_sec`. Access to this project is granted via Perun groups `meta-cloud-admins` (Cloud team) and `meta-sec` (Security team). [Available automation](https://gitlab.ics.muni.cz/cloud/g2/openstack-infrastructure-as-code-automation/clouds/g1/brno/security-incidents):
+Cloud team transfers the VM snapshot into Openstack project `meta-cloud-metac_sec-cerit_sec`. Access to this project is granted via Perun groups `meta-cloud-admins` (Cloud team) and `meta-sec` (Security team). For the automation checkout [scripts residing in GitLab](https://gitlab.ics.muni.cz/cloud/g2/openstack-infrastructure-as-code-automation/-/tree/master/clouds/g1/brno/security_incidents):

  - `acquire_snapshot_and_create_volume_transfer.sh <THE_ORIGINAL_VM_VOLUME_ID>`
  - `accept_volume_transfer.sh <VOLUME_TRANSFER_ID>` => results in a new volume with id shared with the Security team. 

--- a/clouds/g1/brno/security_incidents/pictures/metacentrum_cloud_incidents.drawio
+++ b/clouds/g1/brno/security_incidents/pictures/metacentrum_cloud_incidents.drawio
+<mxfile host="Electron" modified="2023-10-20T10:46:04.493Z" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/22.0.3 Chrome/114.0.5735.289 Electron/25.8.4 Safari/537.36" etag="ARmRQ70ry5-QWqQeqKaA" version="22.0.3" type="device">
+  <diagram name="Page-1" id="8lcTHrtBwOFWnczI7y1D">
+    <mxGraphModel dx="1434" dy="838" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1169" pageHeight="827" math="0" shadow="0">
+      <root>
+        <mxCell id="0" />
+        <mxCell id="1" parent="0" />
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-36" value="" style="whiteSpace=wrap;html=1;dashed=1;" parent="1" vertex="1">
+          <mxGeometry x="270" y="100" width="740" height="200" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-1" value="CESNET&lt;br&gt;CERTS" style="rounded=1;whiteSpace=wrap;html=1;strokeWidth=2;" parent="1" vertex="1">
+          <mxGeometry x="350" y="120" width="120" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-3" value="MetaCentrum&lt;br&gt;Security team" style="rounded=1;whiteSpace=wrap;html=1;strokeWidth=2;" parent="1" vertex="1">
+          <mxGeometry x="360" y="235" width="100" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-4" value="CSIRT-MU" style="rounded=1;whiteSpace=wrap;html=1;strokeWidth=2;" parent="1" vertex="1">
+          <mxGeometry x="585" y="120" width="120" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-5" value="MUNI" style="rounded=1;whiteSpace=wrap;html=1;strokeWidth=2;" parent="1" vertex="1">
+          <mxGeometry x="585" y="10" width="120" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-6" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" parent="1" source="Bkc7fFFbiiHV9RRgbnzn-3" target="Bkc7fFFbiiHV9RRgbnzn-1" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="310" y="365" as="sourcePoint" />
+            <mxPoint x="360" y="315" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-8" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" parent="1" source="Bkc7fFFbiiHV9RRgbnzn-4" target="Bkc7fFFbiiHV9RRgbnzn-5" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="565" y="250" as="sourcePoint" />
+            <mxPoint x="635" y="75" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-9" value="Computer Security Incident Response Teams" style="text;whiteSpace=wrap;" parent="1" vertex="1">
+          <mxGeometry x="740" y="100" width="270" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-10" value="Cloud User&lt;br&gt;&lt;span style=&quot;color: rgb(0, 0, 0); font-size: 11px; text-align: right; background-color: rgb(255, 255, 255);&quot;&gt;&amp;nbsp;&lt;/span&gt;" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#232F3D;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.user;" parent="1" vertex="1">
+          <mxGeometry x="69" y="375" width="78" height="78" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-11" value="e-INFRA CZ / MetaCentrum Cloud" style="ellipse;shape=cloud;whiteSpace=wrap;html=1;labelPosition=center;verticalLabelPosition=bottom;align=center;verticalAlign=top;" parent="1" vertex="1">
+          <mxGeometry x="260" y="339" width="520" height="181" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-12" value="" style="endArrow=none;html=1;rounded=0;labelPosition=left;verticalLabelPosition=middle;align=right;verticalAlign=middle;" parent="1" source="Bkc7fFFbiiHV9RRgbnzn-10" target="Bkc7fFFbiiHV9RRgbnzn-21" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="440" y="360" as="sourcePoint" />
+            <mxPoint x="575.1005050633883" y="360.67766952966394" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-21" value="compromised device" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;strokeColor=#FF3333;fillColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.traditional_server;" parent="1" vertex="1">
+          <mxGeometry x="470" y="377" width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-23" value="" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;strokeColor=#232F3E;fillColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.traditional_server;" parent="1" vertex="1">
+          <mxGeometry x="655" y="414" width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-24" value="" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;strokeColor=#232F3E;fillColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.traditional_server;" parent="1" vertex="1">
+          <mxGeometry x="610" y="415" width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-22" value="" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;strokeColor=#232F3E;fillColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.traditional_server;" parent="1" vertex="1">
+          <mxGeometry x="565" y="415" width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-27" value="CESNET" style="rounded=1;whiteSpace=wrap;html=1;strokeWidth=2;" parent="1" vertex="1">
+          <mxGeometry x="350" y="10" width="120" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-28" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" parent="1" source="Bkc7fFFbiiHV9RRgbnzn-1" target="Bkc7fFFbiiHV9RRgbnzn-27" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="410" y="120" as="sourcePoint" />
+            <mxPoint x="409.5" y="85" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-29" value="CERIT&lt;br&gt;Security team" style="rounded=1;whiteSpace=wrap;html=1;strokeWidth=2;" parent="1" vertex="1">
+          <mxGeometry x="595" y="235" width="100" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-30" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" parent="1" source="Bkc7fFFbiiHV9RRgbnzn-29" target="Bkc7fFFbiiHV9RRgbnzn-4" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="644.5" y="237.5" as="sourcePoint" />
+            <mxPoint x="644.5" y="187.5" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Bkc7fFFbiiHV9RRgbnzn-31" value="" style="shape=link;html=1;rounded=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;labelBackgroundColor=none;strokeColor=#FF0000;" parent="1" target="Bkc7fFFbiiHV9RRgbnzn-3" edge="1">
+          <mxGeometry width="100" relative="1" as="geometry">
+            <mxPoint x="158" y="260" as="sourcePoint" />
+            <mxPoint x="280" y="250" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="DyMJc3rCh__bVUlWjL28-1" value="&lt;br&gt;&lt;br&gt;communication" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];labelBackgroundColor=none;fontColor=#FF0000;" parent="Bkc7fFFbiiHV9RRgbnzn-31" vertex="1" connectable="0">
+          <mxGeometry x="-0.0099" y="-1" relative="1" as="geometry">
+            <mxPoint as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="qtpG4-VI09MVl3qjrZwv-1" value="MetaCentrum Cloud team" style="rounded=1;whiteSpace=wrap;html=1;strokeWidth=2;" parent="1" vertex="1">
+          <mxGeometry x="58" y="235" width="100" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="2C7tkXWoS5lswqi7GxpK-4" value="" style="shape=link;html=1;rounded=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;labelBackgroundColor=none;strokeColor=#FF0000;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="Bkc7fFFbiiHV9RRgbnzn-3" target="Bkc7fFFbiiHV9RRgbnzn-29" edge="1">
+          <mxGeometry width="100" relative="1" as="geometry">
+            <mxPoint x="140" y="560" as="sourcePoint" />
+            <mxPoint x="342" y="560" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="2C7tkXWoS5lswqi7GxpK-5" value="&lt;br&gt;&lt;br&gt;communication" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];labelBackgroundColor=none;fontColor=#FF0000;" parent="2C7tkXWoS5lswqi7GxpK-4" vertex="1" connectable="0">
+          <mxGeometry x="-0.0099" y="-1" relative="1" as="geometry">
+            <mxPoint as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="2C7tkXWoS5lswqi7GxpK-6" value="" style="shape=link;html=1;rounded=0;entryX=0;entryY=1;entryDx=0;entryDy=0;labelBackgroundColor=none;strokeColor=#FF0000;" parent="1" source="Bkc7fFFbiiHV9RRgbnzn-10" target="Bkc7fFFbiiHV9RRgbnzn-3" edge="1">
+          <mxGeometry width="100" relative="1" as="geometry">
+            <mxPoint x="178" y="280" as="sourcePoint" />
+            <mxPoint x="380" y="280" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="2C7tkXWoS5lswqi7GxpK-7" value="&lt;br&gt;&lt;br&gt;&amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp;communication" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];labelBackgroundColor=none;fontColor=#FF0000;" parent="2C7tkXWoS5lswqi7GxpK-6" vertex="1" connectable="0">
+          <mxGeometry x="-0.0099" y="-1" relative="1" as="geometry">
+            <mxPoint as="offset" />
+          </mxGeometry>
+        </mxCell>
+      </root>
+    </mxGraphModel>
+  </diagram>
+</mxfile>
--- a/clouds/g1/brno/security_incidents/pictures/metacentrum_cloud_incidents.drawio.png
+++ b/clouds/g1/brno/security_incidents/pictures/metacentrum_cloud_incidents.drawio.png