DynamoDB and Tines security automation
An increasingly popular database choice amongst security teams is AWS DynamoDB. The key-value storage, simplicity, scalability and security offered by DynamoDB make it suitable for the kinds of data storage tasks common in security operations and incident response, especially if they already use AWS.
In this post we’ll explore how security teams can use DynamoDB in their automation stories.
Authenticating to AWS DynamoDB from Tines
To begin integrating Tines with AWS DynamoDB, we first need to create a credential. In your AWS console, create an IAM user with the appropriate permissions to perform actions in DynamoDB. Take the access key and access secret for the user and enter them into a new Tines AWS mode credential.
Next, specify a name for the credential and choose the AWS region you will be working with. Finally, under service name enter ‘dynamodb’.
When finished, your Tines AWS credential should look like the below:
Using the AWS Credential
AWS credentials work a little differently to the other credential modes in Tines. When an HTTP Request Agent runs with an AWS mode credential included in a header called “Authorization”, Tines will use the AWS Signature Version 4 Signing Process and include the corresponding auth headers in the request before submitting it to AWS.
For example, the below HTTP Request agent uses an AWS mode credential (aws_cloudtrail) to list cloudtrails in the us-east-1 region.
When this agent runs, the request will be signed and will be converted to the following before being sent to AWS:
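What the Signature Version 4 process computes, shown as an added example that is not part of the original post and is not Tines' own code: a Python sketch that signs a DynamoDB ListTables request for the 'dynamodb' service name and region set on the credential. The access key, secret and timestamp are constructed sample values, and the function name is hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timezone


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_headers(access_key, secret_key, region, service, target, body, now):
    """Return the headers a SigV4-signed JSON POST to AWS carries."""
    host = f"{service}.{region}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    datestamp = now.strftime("%Y%m%d")
    headers = {
        "content-type": "application/x-amz-json-1.0",
        "host": host,
        "x-amz-date": amz_date,
        "x-amz-target": target,
    }
    # 1. Canonical request: method, path, query, sorted headers, payload hash.
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    payload_hash = hashlib.sha256(body.encode()).hexdigest()
    canonical_request = "\n".join(
        ["POST", "/", "", canonical_headers, signed_headers, payload_hash])
    # 2. String to sign binds the request to a date, region and service.
    scope = f"{datestamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    # 3. Derive the signing key; only the signature is sent, never the secret.
    key = ("AWS4" + secret_key).encode()
    for part in (datestamp, region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers


# Constructed sample values (documentation-style placeholders, not real keys).
SAMPLE = sigv4_headers(
    "AKIDEXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
    "us-east-1", "dynamodb", "DynamoDB_20120810.ListTables", "{}",
    datetime(2015, 8, 30, 12, 36, 0, tzinfo=timezone.utc))

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in SAMPLE.items()))
```

Because the signature covers the payload hash and the credential scope, a request altered in transit or replayed against another region or service fails verification on the AWS side.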
DynamoDB Tines Agents
Tines can perform all available DynamoDB actions. The following agent examples cover a selection of the most common.
List Amazon AWS DynamoDB Tables
Scan an Amazon AWS DynamoDB table with a filter
Scan an Amazon AWS DynamoDB Table
Delete an Amazon AWS DynamoDB table
Create an Amazon AWS DynamoDB Table
Add an item to Amazon AWS DynamoDB table
Get an item from an Amazon AWS DynamoDB table
Delete an item from an Amazon AWS DynamoDB table
By including DynamoDB actions in Tines automation stories, security teams can quickly and reliably fetch and store important data, allowing them to enrich security incidents and make better decisions around incident investigation and remediation.