STEP 4: AWS Inspector vulnerability configuration (Optional)
This step is optional.
It covers installing and configuring the Amazon Inspector agent so that your assessment targets (collections of EC2 instances) can be assessed for potential security issues and vulnerabilities.
Amazon Inspector is a security assessment service for Amazon EC2 instances and the applications running on them. Enabling Inspector host assessments allows Cloudneeti to collect Common Vulnerabilities and Exposures (CVEs) and associate them with each cloud asset.
Skip this step if AWS Inspector is already configured for all EC2 instances.
4.1 Installing the SSM agent
AWS Systems Manager Agent (SSM Agent) is Amazon software that is installed and configured on an EC2 instance so that Systems Manager can update, manage, and configure the instance.
Inspector uses SSM Agent to install the Inspector agent on the instances (the Install Agents option in 4.2); the Inspector agent then collects the instance data. SSM Agent is preinstalled by default on the Amazon Linux and Windows Server AMIs published by AWS; on RHEL it must be installed manually. In either case the instance needs an instance profile that grants the Systems Manager managed-instance permissions and network access to the Systems Manager endpoints, otherwise the Install Agents option cannot reach it. Follow the AWS installation instructions for your operating system.
4.2 Creating the Inspector assessment target and template
Once the SSM agent is installed, enable AWS Inspector in every region where instances reside and create assessment targets and templates.
Cloudneeti currently supports RHEL and Windows Server 2016 instances; support for other Linux distributions and Windows Server editions is planned.
Multiple assessment targets and templates can be created. For example, create a separate assessment target for each operating system and attach each one to its own template:
- OS = RedHat Linux
- Tags = All tags | None
- Instances = All instances
Log in to the AWS console with the AWS Administrator role.
New to Inspector
4.2.1 Get started with the Inspector advanced setup
- Navigate to the Inspector page
- Click Get started
- Click Advanced setup
4.2.2 Creating an assessment target
- Add a Name (1)
- Check the All Instances checkbox (2). All Instances: the assessment target includes every instance in the region where Inspector is enabled.
- Check the Install Agents checkbox (3). Install Agents: the Inspector agent is installed, through SSM, on every instance in the assessment target.
- Click Next
4.2.3 Creating an assessment template
- Add a Name
- Select the rules package Common Vulnerabilities and Exposures-1.1
- Set Duration (3); 1 hour is recommended
- Select Schedule (4); 7 days is recommended
- Click Next (5)
- Review the details and click Create
4.2.4 Verify the assessment target
Once the assessment target is created, verify the status of the agents. Inspector, and therefore Cloudneeti, can only generate and display data for instances whose Agent Status is Healthy.
- Expand the assessment target you created (1)
- Click Preview Target (2)
- A list of all the instances in the assessment target appears
- Verify the Agent Status column (3)
4.2.5 Run the assessment template
- Run the assessment template if required; by default the template is run on creation.
- Verify the assessment run results.
OR: Already using Inspector
Log in to the AWS console with the AWS Administrator role.
4.2.1 Creating an assessment target
- Navigate to the Inspector page
- In the side menu, click Assessment targets (1)
- Click Create (2)
- Add a Name (3)
- Check the All Instances checkbox (4). All Instances: the assessment target includes every instance in the region where Inspector is enabled.
- Check the Install Agents checkbox (5). Install Agents: the Inspector agent is installed, through SSM, on every instance in the assessment target.
- Click Next
4.2.2 Verify the assessment target
Once the assessment target is created, verify the status of the agents. Inspector, and therefore Cloudneeti, can only generate and display data for instances whose Agent Status is Healthy.
- Expand the assessment target you created (1)
- Click Preview Target (2)
- A list of all the instances in the assessment target appears
- Verify that the Agent Status column shows Healthy for the targeted instances (3)
4.2.3 Create and run the assessment template
- In the side menu, click Assessment templates (1)
- Click Create (2)
- Add a Name (3) and select the Target name (4) of the assessment target created in 4.2.1
- Select the rules package Common Vulnerabilities and Exposures-1.1
- Set Duration (6); 1 hour is recommended
- Optionally, create an SNS topic for event notifications (7)
- Set the Assessment Schedule (1); 7 days is recommended
- Click Create, or Create and run (2)
4.2.4 Run the assessment template
- Run the assessment template now, or wait for its schedule, as required
- Verify the assessment run results.
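The two console flows above, scripted with boto3 as an added example (this is not Cloudneeti's or AWS's own code). The SSM inventory, rules-package list and agent preview embedded in the module are constructed responses in the shape the APIs return, so the checks run offline; the target name, template name and ARNs are assumptions. It also covers the precondition from 4.1: an instance that is not Online in SSM cannot receive the Inspector agent through the Install Agents option, and an instance whose agent is not HEALTHY produces nothing for Cloudneeti to show.

```python
"""Scripted equivalent of sections 4.1 and 4.2 for Amazon Inspector Classic.

Pure helpers are exercised against constructed API responses so the module
runs offline; the boto3 calls under __main__ perform the live setup.
"""
from typing import Dict, List

# Constructed stand-in for ssm.describe_instance_information(); PingStatus is
# Online, ConnectionLost or Inactive.
SAMPLE_SSM_INVENTORY = {
    "InstanceInformationList": [
        {"InstanceId": "i-0aaa111", "PingStatus": "Online",
         "PlatformName": "Red Hat Enterprise Linux Server"},
        {"InstanceId": "i-0bbb222", "PingStatus": "ConnectionLost",
         "PlatformName": "Microsoft Windows Server 2016 Datacenter"},
    ]
}

# Constructed stand-in for inspector.describe_rules_packages(); package ARNs
# are region-specific, which is why the CVE package is selected by name.
SAMPLE_RULES_PACKAGES = {
    "rulesPackages": [
        {"arn": "arn:aws:inspector:us-east-1:111122223333:rulespackage/0-EXAMPLEcve",
         "name": "Common Vulnerabilities and Exposures", "version": "1.1"},
        {"arn": "arn:aws:inspector:us-east-1:111122223333:rulespackage/0-EXAMPLEcis",
         "name": "CIS Operating System Security Configuration Benchmarks", "version": "1.0"},
    ]
}

# Constructed stand-in for inspector.preview_agents() on the new target.
SAMPLE_AGENT_PREVIEW = {
    "agentPreviews": [
        {"agentId": "i-0aaa111", "agentHealth": "HEALTHY", "operatingSystem": "Red Hat Enterprise Linux 7"},
        {"agentId": "i-0bbb222", "agentHealth": "UNHEALTHY", "operatingSystem": "Windows Server 2016"},
        {"agentId": "i-0ccc333", "agentHealth": "UNKNOWN", "operatingSystem": "Unknown"},
    ]
}


def ssm_not_online(inventory: Dict) -> List[str]:
    """Instances SSM cannot reach: Install Agents cannot put the Inspector
    agent on these, so fix SSM Agent first (section 4.1)."""
    return [i["InstanceId"] for i in inventory["InstanceInformationList"]
            if i["PingStatus"] != "Online"]


def cve_rules_package_arn(rules_packages: Dict) -> str:
    """Pick the 'Common Vulnerabilities and Exposures' package for this region."""
    for pkg in rules_packages["rulesPackages"]:
        if pkg["name"].startswith("Common Vulnerabilities and Exposures"):
            return pkg["arn"]
    raise LookupError("CVE rules package is not offered in this region")


def template_request(target_arn: str, name: str, duration_hours: float,
                     rules_package_arns: List[str]) -> Dict:
    """Build the CreateAssessmentTemplate arguments. Inspector accepts a
    duration of 180..86400 seconds; the page recommends 1 hour."""
    seconds = int(duration_hours * 3600)
    if not 180 <= seconds <= 86400:
        raise ValueError(f"duration {seconds}s is outside the 180..86400 s range")
    return {
        "assessmentTargetArn": target_arn,
        "assessmentTemplateName": name,
        "durationInSeconds": seconds,
        "rulesPackageArns": rules_package_arns,
    }


def unhealthy_agents(preview: Dict) -> List[str]:
    """Instances whose agent is not HEALTHY yield no findings, and therefore
    nothing for Cloudneeti to display (section 4.2.4)."""
    return [a["agentId"] for a in preview["agentPreviews"]
            if a.get("agentHealth") != "HEALTHY"]


if __name__ == "__main__":
    import boto3  # needed only for the live run; credentials and region come from the environment

    ssm, insp = boto3.client("ssm"), boto3.client("inspector")
    offline = ssm_not_online(ssm.describe_instance_information())
    if offline:
        raise SystemExit(f"fix SSM Agent first on: {offline}")

    # Omitting resourceGroupArn selects every EC2 instance in the region,
    # which is what the console's All Instances checkbox does.
    target_arn = insp.create_assessment_target(
        assessmentTargetName="cloudneeti-all-instances")["assessmentTargetArn"]
    pkgs = insp.describe_rules_packages(
        rulesPackageArns=insp.list_rules_packages()["rulesPackageArns"])
    req = template_request(target_arn, "cloudneeti-cve-weekly", 1,
                           [cve_rules_package_arn(pkgs)])
    template_arn = insp.create_assessment_template(**req)["assessmentTemplateArn"]
    print("unhealthy agents:",
          unhealthy_agents(insp.preview_agents(previewAgentsArn=target_arn)))
    print("run:", insp.start_assessment_run(assessmentTemplateArn=template_arn,
                                            assessmentRunName="initial")["assessmentRunArn"])
```

Two console actions have no single API call and are left out of the script: the Install Agents checkbox corresponds to running the AmazonInspector-ManageAWSAgent Systems Manager document with Operation=Install against the instances, and the 7-day schedule is a CloudWatch Events (EventBridge) rule such as rate(7 days) whose target is the template ARN, using a role that may call inspector:StartAssessmentRun.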
4.3 Verify policy results and vulnerabilities in Cloudneeti (to be performed after Step 4 is complete)
- Cloudneeti picks up the latest completed assessment run from the last 30 days from AWS Inspector. Policy details are available in Cloudneeti after its next successful scan. A run that completed more than 30 days ago is ignored, so keep the schedule set in 4.2.3 running.
- After a successful scan, the AWS RHEL EC2 vulnerability assessment appears on the Vulnerability tab of the Asset Security dashboard.
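The 30-day rule above, as an added example (not Cloudneeti's code) that applies the same selection to describe_assessment_runs output: keep only runs in state COMPLETED, drop those whose completedAt is older than the window, and take the newest. The run records and the fixed "now" are constructed, and the ARN prefix is an assumption; the __main__ block is the only part that calls AWS.

```python
"""Select the assessment run Cloudneeti would pick up (section 4.3): the newest
run in state COMPLETED that finished within the last 30 days."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

SEVERITIES = ("High", "Medium", "Low", "Informational", "Undefined")

# Fixed "now" and an assumed ARN prefix for the constructed records below.
NOW = datetime(2020, 3, 15, 12, 0, tzinfo=timezone.utc)
RUN_PREFIX = ("arn:aws:inspector:us-east-1:111122223333:target/0-EXAMPLEt/"
              "template/0-EXAMPLEp/run/")

# Constructed stand-in for inspector.describe_assessment_runs(); boto3 returns
# completedAt as a timezone-aware datetime, as here.
SAMPLE_RUNS = {"assessmentRuns": [
    {"arn": RUN_PREFIX + "0-run1", "name": "weekly-1", "state": "COMPLETED",
     "completedAt": NOW - timedelta(days=45),            # too old
     "findingCounts": {"High": 12, "Medium": 30, "Low": 5}},
    {"arn": RUN_PREFIX + "0-run2", "name": "weekly-2", "state": "COMPLETED",
     "completedAt": NOW - timedelta(days=9),             # the one to use
     "findingCounts": {"High": 3, "Medium": 20, "Low": 8, "Informational": 1}},
    {"arn": RUN_PREFIX + "0-run3", "name": "weekly-3", "state": "COMPLETED_WITH_ERRORS",
     "completedAt": NOW - timedelta(days=2),             # newer, but not a clean completion
     "findingCounts": {"High": 1}},
    {"arn": RUN_PREFIX + "0-run4", "name": "weekly-4", "state": "COLLECTING_DATA",
     "findingCounts": {}},                               # still running, no completedAt
]}


def latest_completed_run(response: Dict, now: datetime,
                         max_age_days: int = 30) -> Optional[Dict]:
    """Newest COMPLETED run whose completedAt lies inside the window, or None."""
    cutoff = now - timedelta(days=max_age_days)
    eligible = [r for r in response["assessmentRuns"]
                if r.get("state") == "COMPLETED"
                and r.get("completedAt") is not None
                and r["completedAt"] >= cutoff]
    return max(eligible, key=lambda r: r["completedAt"]) if eligible else None


def severity_summary(run: Dict) -> Dict[str, int]:
    """findingCounts with every Inspector severity present (missing ones as 0)."""
    counts = run.get("findingCounts", {})
    return {s: int(counts.get(s, 0)) for s in SEVERITIES}


def stale_runs(response: Dict, now: datetime, max_age_days: int = 30) -> List[str]:
    """Names of COMPLETED runs too old to be picked up. Stale runs with no
    eligible run means the schedule has stopped producing fresh data."""
    cutoff = now - timedelta(days=max_age_days)
    return [r["name"] for r in response["assessmentRuns"]
            if r.get("state") == "COMPLETED"
            and r.get("completedAt") is not None
            and r["completedAt"] < cutoff]


if __name__ == "__main__":
    import boto3  # live lookup only
    insp = boto3.client("inspector")
    now = datetime.now(timezone.utc)
    arns = insp.list_assessment_runs(filter={
        "states": ["COMPLETED"],
        "completionTimeRange": {"beginDate": now - timedelta(days=30), "endDate": now},
    })["assessmentRunArns"]
    runs = (insp.describe_assessment_runs(assessmentRunArns=arns)
            if arns else {"assessmentRuns": []})
    run = latest_completed_run(runs, now)
    print("no completed run in the last 30 days" if run is None
          else f"{run['name']} {severity_summary(run)}")
```

With the constructed data the selected run is weekly-2: weekly-3 is newer but ended in COMPLETED_WITH_ERRORS, weekly-4 has not finished, and weekly-1 completed 45 days ago. If the live lookup prints no run, either no assessment has completed yet (4.2.5) or the schedule has lapsed, and Cloudneeti's next scan will have nothing to import.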