How to Generate Compliance Alert Reports Using the Threat Stack API

In previous posts we have described how Threat Stack can help demonstrate compliance, for example with PCI and FFIEC guidance, HIPAA, SOC 2, and other compliance frameworks. (See the Resources section below.) To assist our customers with these initiatives, we have created sample compliance rule sets that can be used to generate alerts that are mapped to specific requirements of these frameworks.

In this post we explain how to leverage the Threat Stack API to create reports of alerts from specific rule sets that can be given to auditors to help demonstrate compliance, used internally, or shared with customers. 

Configuring the Reporting App on Your System

To configure your system to enable the generation of reports from a command line, you need to complete the following steps: 

  1. Download and install python3
  2. Run pip3 install requests
  3. Create a directory in which to install the reporting app (e.g., “GetAlerts”)
  4. cd to the new directory
  5. Run git clone https://github.com/dmweinst/ts-api-reports.git

Generating Reports From a Command Line

After configuring the reporting instance, you can generate a report from the command line as follows:

  1. cd to the ts-api-reports directory inside the reporting app directory where you installed the app.
  2. Run get_alerts.py with the arguments below (long options take two hyphens; the line breaks are only for readability):

python3 get_alerts.py --auth <API key> --org <OrgID> --count <N> --fields severity, last_updated_at, title --start "yyyy-mm-dd hh:mm:ss" --end "yyyy-mm-dd hh:mm:ss" --filters "title like HIPAA and title like File" --outfile [path]/HIPAA-$(date -u "+%Y-%m-%d-%H-%M").csv [--omitheader]

--auth: the API key for your Threat Stack org.

--org: the OrgID for your Threat Stack org.

--count: the maximum number of alerts to include. Set this high enough to cover every alert matching the filter between the start and end dates; if the resulting file contains exactly this many rows, treat the report as truncated and rerun with a larger value or a narrower date range.

--fields: the columns to write, e.g. severity, last_updated_at, title. Other fields may work; your mileage may vary.

--start: the starting date/time for the report, as "yyyy-mm-dd hh:mm:ss".

--end: the ending date/time for the report, in the same format.

--filters: any valid alert query, e.g. "title like HIPAA and title like File". Use a term that identifies the compliance rule set (HIPAA, PCI, SOC 2) so that only alerts from that rule set are reported.

--outfile: the output path. The example above writes a file whose name carries the rule set name and a UTC date/time stamp (e.g. HIPAA-2019-06-30-23-59.csv); naming the file after the rule set (HIPAA, PCI, SOC 2) keeps reports for different frameworks apart.

--omitheader: optional; suppresses the CSV header row. Use it when you will import the CSV into a pre-formatted template that already has its own header row.

The command writes a CSV file that can be imported into a spreadsheet application, given conditional formatting that colors the first (severity) column red, orange, or yellow according to severity, and exported as a PDF, as shown below:

[Screenshot: ComplAlertRptsScreen2.png, a compliance alert report exported as a PDF]
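Before a report goes to an auditor it is worth checking that it is complete and that it contains only what the filter was meant to select. The Python below is an added example (it is not code from the original post or from the ts-api-reports script): it reads a CSV produced with the three --fields above, flags a report that hit the --count cap, rows that fall outside the --start/--end window, and rows whose title does not carry every term used in --filters, and tallies rows per severity for a summary line. It assumes that last_updated_at uses the same "yyyy-mm-dd hh:mm:ss" layout as the --start/--end arguments and that the query's "like" behaves as a case-insensitive substring match; the sample rows are constructed and the severity values in them are illustrative.

```python
"""Sanity-check a Threat Stack compliance alert CSV before handing it to an auditor.

Added example, not part of the original post or of ts-api-reports. Assumptions:
the CSV has the columns requested with --fields (severity, last_updated_at, title),
last_updated_at uses the same "yyyy-mm-dd hh:mm:ss" layout as --start/--end, and
the "like" filter is a case-insensitive substring match.
"""
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample output of get_alerts.py (not real alert data).
SAMPLE_CSV = """severity,last_updated_at,title
1,2019-06-03 14:22:10,HIPAA - File Modified in /etc
2,2019-06-04 09:05:41,HIPAA - Sensitive File Opened
3,2019-06-07 23:59:59,HIPAA - File Permission Changed
2,2019-06-12 01:15:00,PCI - File Integrity Monitoring
"""

# The --count/--start/--end/--filters values the report was generated with.
COUNT = 4
START = "2019-06-01 00:00:00"
END = "2019-06-30 23:59:59"
FILTER_TERMS = ("HIPAA", "File")  # terms from: title like HIPAA and title like File

FIELDS = ("severity", "last_updated_at", "title")  # the --fields order


def parse_ts(value):
    """Parse 'yyyy-mm-dd hh:mm:ss' (or ISO 8601 with 'T'); a trailing 'Z' is dropped."""
    return datetime.fromisoformat(value.strip().rstrip("Z"))


def load_report(csv_text, has_header=True):
    """Read the CSV written by get_alerts.py into a list of dicts.

    With --omitheader the file has no header row: pass has_header=False and the
    columns are mapped in the --fields order (FIELDS above).
    """
    if has_header:
        return list(csv.DictReader(io.StringIO(csv_text)))
    reader = csv.reader(io.StringIO(csv_text))
    return [dict(zip(FIELDS, row)) for row in reader if row]


def check_report(rows, count, start, end, filter_terms):
    """Return the checks an auditor-facing report should pass.

    truncated:     the row count reached --count, so alerts were probably dropped;
                   rerun with a larger --count or a narrower date range.
    out_of_window: rows whose last_updated_at lies outside [--start, --end].
    unmatched:     rows whose title lacks one of the filter terms (the rule set tag).
    by_severity:   row count per severity value, for the report's summary line.
    """
    lo, hi = parse_ts(start), parse_ts(end)
    out_of_window = [r for r in rows if not lo <= parse_ts(r["last_updated_at"]) <= hi]
    unmatched = [
        r for r in rows
        if not all(term.lower() in r["title"].lower() for term in filter_terms)
    ]
    return {
        "truncated": len(rows) >= count,
        "out_of_window": out_of_window,
        "unmatched": unmatched,
        "by_severity": dict(Counter(r["severity"] for r in rows)),
    }


def report_is_clean(result):
    """True when none of the three failure conditions fired."""
    return not (result["truncated"] or result["out_of_window"] or result["unmatched"])


if __name__ == "__main__":
    rows = load_report(SAMPLE_CSV)
    result = check_report(rows, COUNT, START, END, FILTER_TERMS)
    for key in ("truncated", "by_severity"):
        print(f"{key}: {result[key]}")
    print("out_of_window:", [r["title"] for r in result["out_of_window"]])
    print("unmatched:", [r["title"] for r in result["unmatched"]])
    print("clean" if report_is_clean(result) else "fix before sending to auditors")
```

On the constructed sample the check reports two problems: the file holds exactly --count rows, so it may be truncated, and the PCI row slipped in despite the HIPAA filter, which is exactly the kind of row that should not appear in a HIPAA report. Run the same check on the real CSV before formatting it in the spreadsheet.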

Summary

With the Threat Stack API and this reporting app, you can now quickly and easily transform the results of compliance rule sets into documentation that you can use internally or provide to customers and auditors.

Final Words . . .

To learn how to meet regulatory standards, address core issues that compliance audits are based on, and deliver added value in the form of security that’s implemented throughout your cloud environment to keep your data and systems safe, download your free copy of Fast-Tracking Compliance in the Cloud.