DAY 16 – Amazon Inspector – Automated and Continual vulnerability management at scale – Day Sixteen
- Quickly discover vulnerabilities
- Prioritize patch remediation
- Meet compliance requirements
- Identify zero-day vulnerabilities sooner
Amazon Inspector helps you find security vulnerabilities on EC2 instances: Common Vulnerabilities and Exposures (CVE), Center for Internet Security (CIS) Benchmarks, security best practices, and runtime behavior.
It is an agent-based service, which means you install the agent on your EC2 instances and start monitoring.
- Monitors your applications for vulnerabilities
- Cross-checks security compliance and exposure to attack
- Secures your EC2 instances against zero-day vulnerabilities
- Low cost
These are a few of the benefits of using Amazon Inspector.
Amazon Inspector is built from the following concepts: the Amazon Inspector role, assessment targets, AWS agents, assessment templates, rule packages, assessment runs, telemetry, assessment reports, and findings.
- Amazon Inspector role: grants Inspector read-only access to your whole EC2 environment.
- Assessment target: a group of EC2 instances (a target group); tags are used to group them.
AWS agents: software agents installed on the instances that you wish to monitor (agents are updated automatically). Both Linux and Windows are supported.
Installing the Amazon Inspector agent on Linux:
curl -O https://inspector-agent.amazonaws.com/linux/latest/install
sudo bash install
Installing on Windows: download the .exe file from this link (or copy and paste the link), then execute AWSAgentInstall.exe.
Assessment template: decides how an assessment of your EC2 instances should run. You can use SNS to be notified of findings. Once a template is created, it cannot be modified.
Rule packages: sets of individual rules that are checked against an EC2 instance, each with a severity level (High, Medium, Low, Informational).
Supported rule packages:
- CVE: publicly known security threats (Common Vulnerabilities and Exposures).
- CIS: the global standard of security benchmarks for IT resources.
- Security best practices: common best practices, checked on Linux-based EC2 targets.
Assessment run: once the role, agent, target and template are configured, you start an assessment run.
Telemetry: data collected from the instance. Once collected, it is sent to Inspector and stored in S3, encrypted with a KMS key. Inspector analyses the data from S3 against the rule packages. Telemetry data is deleted after 30 days.
Assessment reports: provide the results of an assessment.
There are mainly two types of report:
- Findings report
  - Summary of the assessment
  - List of EC2 instances assessed
  - Rules used
- Full report
  - Everything in the findings report, plus the list of rules the instances passed
Findings: the results of an assessment run; each finding also tells you how to remediate the issue found.
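The two ideas above that are easiest to get wrong in practice are how tags select the target instances and how severity should drive the order of patching. The script below is an added example, not code from the post or from AWS: it models both offline with constructed instance and finding records shaped like EC2 describe_instances and Inspector Classic describe_findings responses (the instance ids, tags, CVE ids and recommendation text are all made up, and the all-tags-must-match rule for the target group is an assumption of this example), so it runs without any AWS credentials.

```python
"""Added example (not the post's or AWS's code): an offline model of
tag-based assessment targets and severity-ranked finding triage.
Instances and findings are constructed to resemble the shape of EC2
describe_instances and Inspector Classic describe_findings output."""

from collections import defaultdict

# Severity levels named in the post, ranked so High sorts before Informational.
SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0}

# Constructed sample instances (ids and tags are made up).
INSTANCES = [
    {"InstanceId": "i-0aaa111",
     "Tags": [{"Key": "Env", "Value": "prod"}, {"Key": "Inspect", "Value": "yes"}]},
    {"InstanceId": "i-0bbb222",
     "Tags": [{"Key": "Env", "Value": "prod"}, {"Key": "Inspect", "Value": "no"}]},
    {"InstanceId": "i-0ccc333",
     "Tags": [{"Key": "Env", "Value": "dev"}, {"Key": "Inspect", "Value": "yes"}]},
]


def _finding(fid, instance_id, severity, title, recommendation):
    """Build one constructed finding; agentId carries the instance id."""
    return {"id": fid, "severity": severity, "title": title,
            "recommendation": recommendation,
            "assetAttributes": {"agentId": instance_id}}


# Constructed sample findings; the CVE ids are placeholders, not real advisories.
FINDINGS = [
    _finding("f-1", "i-0aaa111", "High", "CVE-YYYY-0001 (placeholder) in openssl",
             "Upgrade openssl and restart services that link it."),
    _finding("f-2", "i-0aaa111", "Medium", "CVE-YYYY-0002 (placeholder) in curl",
             "Upgrade curl."),
    _finding("f-3", "i-0aaa111", "Low", "CIS: password maximum age not configured",
             "Configure password aging in /etc/login.defs."),
    _finding("f-4", "i-0ccc333", "High", "CVE-YYYY-0003 (placeholder) in the kernel",
             "Apply the kernel update and reboot."),
    _finding("f-5", "i-0ccc333", "Informational", "Unused TCP port is listening",
             "Review whether the listening service is needed."),
    _finding("f-6", "i-0bbb222", "High", "CVE-YYYY-0004 (placeholder) in sudo",
             "Upgrade sudo."),
]


def select_target_instances(instances, target_tags):
    """Return ids of instances carrying every key/value pair in target_tags.

    Models an assessment target: the post says tags group the target EC2
    instances; this function assumes an instance must match all tags."""
    wanted = set(target_tags.items())
    selected = []
    for inst in instances:
        tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        if wanted <= set(tags.items()):
            selected.append(inst["InstanceId"])
    return selected


def triage_findings(findings, instance_ids, min_severity="Low"):
    """Keep findings for the targeted instances at or above min_severity,
    highest severity first, so patching starts where the risk is highest."""
    threshold = SEVERITY_RANK[min_severity]
    targeted = set(instance_ids)
    kept = [f for f in findings
            if f["assetAttributes"]["agentId"] in targeted
            and SEVERITY_RANK.get(f["severity"], 0) >= threshold]
    return sorted(kept, key=lambda f: (-SEVERITY_RANK.get(f["severity"], 0),
                                       f["assetAttributes"]["agentId"]))


def summarize_by_instance(findings):
    """Count findings per instance and severity: {instance_id: {severity: n}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for f in findings:
        counts[f["assetAttributes"]["agentId"]][f["severity"]] += 1
    return {inst: dict(sev) for inst, sev in counts.items()}


def remediation_plan(findings):
    """Pair each finding with its recommendation, like the remediation text
    the console shows at the bottom of a finding."""
    return [(f["severity"], f["title"], f["recommendation"]) for f in findings]


if __name__ == "__main__":
    targets = select_target_instances(INSTANCES, {"Inspect": "yes"})
    print("Target instances:", targets)
    ranked = triage_findings(FINDINGS, targets, min_severity="Medium")
    for severity, title, fix in remediation_plan(ranked):
        print(f"[{severity}] {title} -> {fix}")
    print(summarize_by_instance(triage_findings(FINDINGS, targets, "Informational")))
```

Note that the instance tagged Inspect=no never appears in the triage output even though it has a High finding; that is the point of checking the tag set before the assessment run, since an untagged or mis-tagged instance is simply not assessed and its findings never reach you.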
Now let's install the agent on a Debian instance; refer to the Linux install commands above.
- Note down the EC2 instance's tags.
- Go to Amazon Inspector in the console, click Get started, then Enable Inspector.
- After a few minutes you will be welcomed with a dashboard.
- As the agent is already installed, Inspector will run its default checks.
- If the new dashboard confuses you, click Switch to Inspector Classic.
- Click Findings on the new dashboard and click a vulnerability.
At the bottom of the finding you can see how to remediate the issue.
That's it, 🎉Congratulations🎉, you have successfully implemented AWS Inspector for your EC2 infrastructure.