Correlate administrators across the Cisco product portfolio to detect anomalies and changes to role-based access control.
Hawk is a Django based SaaS security tool, which displays administrators in the Cisco Portfolio. Monitoring Administators typically has been a manual task, which is prone to human error and miscommunication. The goal is to simplify this for SecOps teams, enabling them to monitor who has R/W access.
- Python 3 is installed.
- Have an Auth0 account for SSO.
- DUO 2FA is recommended.
- API Access to any products you'd like to integrate.
Hawk has a number of dependencies, you can install these from the requirements.txt file.
(./) pip install -r requirements.txtHawk makes use of a number of enviroment variables, you'll need to populate these in your deployment enviroment. You can create a .env file (./sehack/sehack/.env) and place these enviroment variables inside that file.
django_key = RANDOM_STRING_HEREauth0_domain = DOMAIN FROM AUTH0auth0_key = KEY FROM AUTH0auth0_secret = SECRET FROM AUTH0Hawk makes use of a SQLite server for API key retention, you will need to execute a Django Migration for this to function correctly.
python manage.py migrateYou can use the in-built Django Web-Server, however it is recommended to use a production ready web-server.
(./sehack) python manage.py runserver 3000Auth0 has a number of steps to validate authetnication requests, you will need to upload the domain you are running the server from to your auth0 Dashboard, you can find out more about this here.
We currently support as small subset of Cisco Security Products, you can find these below.
- Meraki Dashboard
- Identity Services Engine
- Cisco SD-WAN (Formerly Viptela)
- Umbrella
- Duo (Roadmap)
- WebEx (Roadmap)