Home

Awesome

Varna

Varna is an AWS serverless cloud security tool that parses and alerts on CloudTrail logs using Event Query Language (EQL). Varna is deployed as a lambda function, for scanning and serving web requests, and a dynamodb table, for keeping track of seen alerts. Varna is cheap & efficient to run, costing less than 15 dollars a month with proper configuration and ingesting alerts as soon as CloudTrail stores them in S3.

You can find more information to install on how to install Varna in the install.md.

All of the rules can be found in the rules folder and should be fairly understandable.

Features:

Varna is basically feature complete for our needs, the only outstanding work that might be done is incorporating SAML authentication or a method for bulk past search. If you have questions or would like to discuss a new feature, feel free to email me.

Some quick screenshots of the web interface:

List Alarms Past Search