./HAVOC CloudWatch Logs Resources

Details about AWS CloudWatch Logs created in a ./HAVOC deployment

When creating a new ./HAVOC deployment, several CloudWatch Logs resources are created in your AWS account. Below is a list of the CloudWatch Logs resources that are created.

The Terraform configuration file that is used to create the CloudWatch Logs resources is available here: https://github.com/havocsh/havoc/blob/main/havoc_deploy/aws/terraform/cw_logs.tf

CloudWatch Log Groups

CloudWatch Log Groups are used to organize and retain log data. The log groups are created with specified retention periods.

ECS Task Logs

  • Name: ${var.deployment_name}/tasks_cluster
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the ECS tasks in the ./HAVOC deployment's task cluster.

ECS Playbook Operator Logs

  • Name: ${var.deployment_name}/playbook_operator_cluster
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the ECS Playbook Operator tasks in the ./HAVOC deployment's playbook operator cluster.

Task Results Logging

  • Name: ${var.deployment_name}/task_results_logging
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data related to task results in the ./HAVOC deployment.

Playbook Results Logging

  • Name: ${var.deployment_name}/playbook_results_logging
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data related to playbook results in the ./HAVOC deployment.

Authorizer Logs

  • Name: /aws/lambda/${var.deployment_name}-authorizer
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the Authorizer Lambda function in the ./HAVOC deployment.

Trigger Executor Logs

  • Name: /aws/lambda/${var.deployment_name}-trigger-executor
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the Trigger Executor Lambda function in the ./HAVOC deployment.

Manage Logs

  • Name: /aws/lambda/${var.deployment_name}-manage
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the Manage Lambda function in the ./HAVOC deployment.

Remote Task Logs

  • Name: /aws/lambda/${var.deployment_name}-remote-task
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the Remote Task Lambda function in the ./HAVOC deployment.

Task Control Logs

  • Name: /aws/lambda/${var.deployment_name}-task-control
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the Task Control Lambda function in the ./HAVOC deployment.

Playbook Operator Control Logs

  • Name: /aws/lambda/${var.deployment_name}-playbook-operator-control
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the Playbook Operator Control Lambda function in the ./HAVOC deployment.

Task Result Logs

  • Name: /aws/lambda/${var.deployment_name}-task-result
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the Task Result Lambda function in the ./HAVOC deployment.

Playbook Operator Result Logs

  • Name: /aws/lambda/${var.deployment_name}-playbook-operator-result
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the Playbook Operator Result Lambda function in the ./HAVOC deployment.

Workspace Access Get Logs

  • Name: /aws/lambda/${var.deployment_name}-workspace-access-get
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the Workspace Access Get Lambda function in the ./HAVOC deployment.

Workspace Access Put Logs

  • Name: /aws/lambda/${var.deployment_name}-workspace-access-put
  • Retention in Days: ${var.results_queue_expiration}

This log group captures and retains log data for the Workspace Access Put Lambda function in the ./HAVOC deployment.

CloudWatch Log Subscription Filters

CloudWatch Log Subscription Filters are used to stream log data to AWS Lambda functions based on specified filter patterns.

Task Result Lambda Function Log Filter

  • Name: task_result_lambdafunction_logfilter
  • Log Group: ${aws_cloudwatch_log_group.ecs_task_logs.name}
  • Filter Pattern: instruct_command_output user_id task_name
  • Destination ARN: ${aws_lambda_function.task_result.arn}

This subscription filter streams log data from the ECS Task Logs to the Task Result Lambda function based on a filter pattern.

Playbook Operator Result Lambda Function Log Filter

  • Name: playbook_operator_result_lambdafunction_logfilter
  • Log Group: ${aws_cloudwatch_log_group.ecs_playbook_operator_logs.name}
  • Filter Pattern: user_id
  • Destination ARN: ${aws_lambda_function.playbook_operator_result.arn}

This subscription filter streams log data from the ECS Playbook Operator Logs to the Playbook Operator Result Lambda function based on a filter pattern.
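As an added illustration (not code from the ./HAVOC project), the sketch below shows which log lines each of the two filter patterns above would forward, and how a destination Lambda function unpacks the base64-encoded, gzip-compressed `awslogs.data` envelope that CloudWatch Logs delivers. The sample log lines, the `example-deployment` log group name and all function names are constructed for the example, and substring containment is used as an approximation of CloudWatch term matching.

```python
import base64
import gzip
import json

# Filter patterns exactly as listed on this page.
TASK_RESULT_PATTERN = "instruct_command_output user_id task_name"
PLAYBOOK_RESULT_PATTERN = "user_id"

# Constructed sample log lines (assumed shape, not real ./HAVOC output).
SAMPLE = [
    '{"instruct_command_output": {"outcome": "success"}, "user_id": "alice", "task_name": "t1"}',
    '{"user_id": "alice", "task_name": "t1", "status": "starting"}',
    "container heartbeat ok",
    '{"Instruct_Command_Output": {}, "User_ID": "alice", "Task_Name": "t1"}',
]

def matches(pattern, message):
    """Every space-separated term must be present, case-sensitively.
    Substring containment is an approximation of CloudWatch term matching."""
    return all(term in message for term in pattern.split())

def forwarded(pattern, messages):
    """Messages a subscription filter with this pattern would stream out."""
    return [m for m in messages if matches(pattern, m)]

def encode_event(log_group, filter_name, messages):
    """Build the envelope Lambda receives: base64(gzip(JSON)) in awslogs.data."""
    payload = {
        "messageType": "DATA_MESSAGE",
        "logGroup": log_group,
        "subscriptionFilters": [filter_name],
        "logEvents": [{"id": str(i), "timestamp": 0, "message": m}
                      for i, m in enumerate(messages)],
    }
    blob = gzip.compress(json.dumps(payload).encode("utf-8"))
    return {"awslogs": {"data": base64.b64encode(blob).decode("ascii")}}

def decode_event(event):
    """What a destination function must do before it can read any log line."""
    return json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))

if __name__ == "__main__":
    hits = forwarded(TASK_RESULT_PATTERN, SAMPLE)
    event = encode_event("example-deployment/tasks_cluster",
                         "task_result_lambdafunction_logfilter", hits)
    for log_event in decode_event(event)["logEvents"]:
        print(log_event["message"])
```

Lines that match neither pattern stay in the log group for the retention period but never reach the result functions, so a review of task activity should query the log group itself and not rely only on what the Lambda functions processed.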

These CloudWatch Logs and subscription filters are crucial for capturing and processing log data generated by various components of the ./HAVOC deployment.