👮🏽Amazon Inspector - Automated and Continual vulnerability management at scale

DAY 16 - Amazon Inspector - Automated and Continual vulnerability management at scale - Day Sixteen

Tweet This Blog - 100 days of Cloud on GitHub - Read On iCTPro.co.nz - Read on Dev.to

• Quickly discover vulnerabilities
• Prioritize patch remediation
• Meet compliance requirements
• Identify zero-day vulnerabilities sooner

Amazon Inspector helps to find security vulnerabilities on EC2. (Finding Common Vulnerabilities (CVE) , Center of Internet Security Benchmarks (CIS), Security Best practice & run time behavior).

An agent based service, which means you can add agent to your EC2 and start monitoring.

Why Amazon inspector?

• Monitor your application for vulnerabilities
• Crosschecks for Security compliance & exposure to attack.
• Secure your EC2 for zero day vulnerability.
• Low Cost are few of the benefits using Amazon Inspector.

Components

9 components
the Amazon Inspector role, assessment targets, AWS agents, assessment templates, rule packages, assessment runs, telemetry, assessment reports, and findings

🚨 Amazon Inspector role

• A read only access to all your EC2 environment

🎯 Assessment Targets

• A group of Ec2 or target group of Ec2. tags will be used to group.

📦 Agents

Software agents installed on the instance that you wish to monitor (agents are updated automatically). Supports both Linux and Windows.

Installing the Amazon Inspector agent on a Linux

wget https://inspector-agent.amazonaws.com/linux/latest/install

or

curl -O https://inspector-agent.amazonaws.com/linux/latest/install

Then

sudo bash install

For Windows

Download .exe file from this link

or copy paste

https://inspector-agent.amazonaws.com/windows/installer/latest/AWSAgentInstall.exe

and execute AWSAgentInstall.exe

📝 Assessment templates

This will decide how an assignment on ec2 should run. We can use SNS to notify the finding. Once you created you cannot modify the template.

✔️ Rule Packages

Set of individual rules that are checked against EC2 instance with severity level (High, Medium, Low, Informational).

Supported Rules packages

CVE, CIS, Security Best Practices

• CVE - publicly known security threats.
• CIS - Global Standard for Security standards For IT resources
• Security best Practices - Common best practices in Linux based Ec2 targets.

🏃 Assessment Run

Assessment run will be used Once you configure Role, agent, Target & template Configured.

📇 Telemetry

Data collected from instance , once collected the data will be sent to Inspector and stored in s3 with KMS key. Inspector Analyse the data from S3 with rule packages. After 30 days telemetry data is deleted.

📘 Assessment Reports

Provides a assessment on results.
There are Mainly two types of report

• Findings reports

  • Summary of assessment
  • List of EC2 assessed
  • Rules Used
  • Findings

• Full report

  • all Finding report + List of rules passed successfully for instances

📖 Findings

Results of Assessment run, also gives how to remediate the issues found

Practical

Now Lets install Agent on Debian OS, please refer above to install on Linux

• Lets note down the ec2 tags.
• Goto Amazon Inspector from console and click Get started then Enable Inspector.

• After few minutes you will be welcomed with a dashboard.

• As you are already installed inspector in will run a default checks.

• If you get confused with new dashboard click on Switch to Inspector Classic

• Click on findings on new dashboard and click the Vulnerability

On bottom of findings you can see how can you remediate the issue.

That's it , 🎉Congratulations🎉you have successfully implemented AWS inspector for your EC2 infrastructure.

✅Connect with me on Twitter
🤝🏽Connect with me on Linkedin
🧑🏼‍🤝‍🧑🏻 Read more post on dev.to or iCTPro.co.nz
💻 Connect with me on GitHub

AnuvindhFollow

Experienced Cloud Technology Specialist with a demonstrated skillset of working with Banking , Medical Service , NZ Police & Education industry