Implementing Security Chaos Engineering

实施安全混沌工程

When to Use

适用场景

When deploying or configuring implementing security chaos engineering capabilities in your environment
When establishing security controls aligned to compliance requirements
When building or improving security architecture for this domain
When conducting security assessments that require this implementation

在您的环境中部署或配置安全混沌工程能力时
建立符合合规要求的安全控制措施时
构建或改进该领域的安全架构时
开展需要此实施的安全评估时

Prerequisites

前提条件

Familiarity with security operations concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities

熟悉安全运营概念与工具
可访问测试或实验室环境以安全执行实验
安装Python 3.8+及所需依赖
具备任何测试活动的适当授权

Instructions

操作说明

Design and execute security chaos experiments that intentionally break security controls to verify that detection, alerting, and response systems work correctly.

python

undefined

设计并执行安全混沌实验，故意破坏安全控制措施，以验证检测、告警与响应系统是否正常工作。

python

undefined

Example: Verify detection when a security group is opened

import boto3 ec2 = boto3.client("ec2")

Chaos experiment: temporarily add 0.0.0.0/0 rule

ec2.authorize_security_group_ingress( GroupId="sg-12345", IpProtocol="tcp", FromPort=22, ToPort=22, CidrIp="0.0.0.0/0", )

Verify: does GuardDuty/Config alert fire within SLA?

Rollback: remove the rule after verification


Key experiments:
1. Open a security group and verify Config Rule alerts
2. Disable CloudTrail and verify detection time
3. Create IAM admin user and verify alert triggers
4. Simulate log pipeline failure and check monitoring gaps
5. Deploy test malware hash and verify EDR response


关键实验场景：
1. 开放安全组并验证Config Rule告警
2. 禁用CloudTrail并验证检测时间
3. 创建IAM管理员用户并验证告警触发
4. 模拟日志管道故障并检查监控缺口
5. 部署测试恶意软件哈希并验证EDR响应

Examples

示例

python

undefined

python

undefined

Rollback function for safe experiment execution

def run_experiment(setup_fn, verify_fn, rollback_fn, timeout=300): try: setup_fn() result = verify_fn(timeout) finally: rollback_fn() return result

undefined

def run_experiment(setup_fn, verify_fn, rollback_fn, timeout=300): try: setup_fn() result = verify_fn(timeout) finally: rollback_fn() return result

undefined

implementing-security-chaos-engineering

Original

Translation

Implementing Security Chaos Engineering

实施安全混沌工程

When to Use

适用场景

Prerequisites

前提条件

Instructions

操作说明

Example: Verify detection when a security group is opened

Example: Verify detection when a security group is opened

Chaos experiment: temporarily add 0.0.0.0/0 rule

Chaos experiment: temporarily add 0.0.0.0/0 rule

Verify: does GuardDuty/Config alert fire within SLA?

Verify: does GuardDuty/Config alert fire within SLA?

Rollback: remove the rule after verification

Rollback: remove the rule after verification

Examples

示例

Rollback function for safe experiment execution

Rollback function for safe experiment execution