AWS GuardDuty lambda rule generation

AWS GuardDuty lambda rule generation

Hey all,

I'm attempting to use the GuardDuty integration that's on github here: https://github.com/PaloAltoNetworks/pan_guard_duty

 

I've gone through all of the steps but I get an error local and in lambda of:

python lambda_fw_config.py<test_event.json
[Lambda handler]Received event: null
Traceback (most recent call last):
  File "lambda_fw_config.py", line 341, in <module>
    lambda_handler(None, None)
  File "lambda_fw_config.py", line 319, in lambda_handler
    fw_ip = os.environ['10.0.0.6']
NameError: global name 'os' is not defined

 

I see that pandevice and pan-python are installed:

pip install pandevice -t .
Collecting pandevice
Collecting pan-python (from pandevice)
Installing collected packages: pan-python, pandevice
Successfully installed pan-python-0.13.0 pandevice-0.6.3
Target directory /home/xponent/code/python/pan_guard/pan already exists. Specify --upgrade to force replacement.
Target directory /home/xponent/code/python/pan_guard/pan_python-0.13.0.dist-info already exists. Specify --upgrade to force replacement.

 

Not sure what I'm missing, there is no os in pandevice to import.  Ideas?  Thanks!

L1 Bithead

Re: AWS GuardDuty lambda rule generation

Hi,

 

  Were you able to figure out the problem?  I tried changing the fw_ip etc to a value and removed the os.environ.  Then, it errored out in the next function.  Does anyone know if this works?  I see no updates and Palo Alto will not provide any support on it.

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!