0
点赞
收藏
分享

微信扫一扫

61. Amazon Inspector

安七月读书 2022-01-27 阅读 65
aws

Overview

  • Amazon Inspector is a vulnerability management service that continuously scans your AWS workloads for vulnerabilities.
  • Amazon Inspector automatically discovers and scans Amazon EC2 instances and container images residing in Amazon Elastic Container Registry (Amazon ECR) for software vulnerabilities and unintended network exposure.
  • When a software vulnerability or network issue is discovered, Amazon Inspector creates a finding. A finding describes the vulnerability, identifies the affected resource, rates the severity of the vulnerability, and provides remediation guidance

Features of Amazon Inspector

  • Centrally manage multiple Amazon Inspector accounts
    • If your AWS environment has multiple accounts, you can centrally manage your environment through a single account by using AWS Organizations and designating an account as the delegated administrator account for Amazon Inspector.
  • Continuously scan your environment for vulnerabilities and network exposure
    • With Amazon Inspector you do not need to manually schedule or configure assessment scans
    • Amazon Inspector continues to assess your environment throughout the lifecycle of your resources by automatically scanning resources whenever you make changes to them.
  • Assess vulnerabilities accurately with the Amazon Inspector Risk score
    • As Amazon Inspector collects information about your environment through scans, it provides severity scores specifically tailored to your environment. 
  • Identify high-impact findings with the Amazon Inspector dashboard
    • The risk-based remediation panel in the Amazon Inspector dashboard presents the findings that affect the largest number of instances and images.
    • This panel makes it easier to identify the findings with the greatest impact on your environment, see findings details, and view suggested solutions.
  • Manage your findings using customizable views
  • Monitor and process findings with other services and systems
    • ​​​​​​​AWS EventBridge
    • AWS Security Hub

Understanding findings

  • In Amazon Inspector, a finding is a detailed report about a potential vulnerability that affects one of your resources.
  • Amazon Inspector generates a finding whenever it detects a potential vulnerability for an Amazon EC2 instance or a potential software vulnerability in a container image within an Amazon ECR repository.
  • A finding can be assigned one of the following states:
    • Active - The finding is identified by Amazon Inspector and has not yet been remediated. Active findings are subject to suppression rules and, if applicable, the status is changed to Suppressed.
    • Suppressed - The finding meets one or more criteria of one or more suppression rules. Suppressed findings are hidden from most views, with the exception of the Suppressed findings list.
    • Closed - After a vulnerability is remediated, Amazon Inspector automatically detects it and changes the state of the finding to closed. Closed findings are deleted after 30 days if there are no other changes.
  • finding types
    • Package vulnerability
      • Package vulnerability findings identify software packages in your environment that are exposed to common vulnerabilities and exposures (CVEs)
      • Package vulnerability findings are generated for both Amazon EC2 instances and ECR container images.
    • Network reachability
      • Network reachability findings indicate that there are allowed network paths to Amazon EC2 instances in your environment.
      • Network reachability findings are only generated for Amazon EC2 resources.

Scanning resources

  • Amazon Inspector initiates scans of EC2 instances in the following situations:
    • As soon as the EC2 instance is discovered by Amazon Inspector
    • When you launch a new instance
    • When you install new software on an existing instance
    • When Amazon Inspector adds a new common vulnerabilities and exceptions (CVE) item to its database
  • Amazon Inspector scans container images stored in Amazon ECR for software vulnerabilities to generate Package Vulnerability findings.
    • Enhanced scanning gives you a choice between continuous scanning or on-push scanning at the repository level.
    • Continuous scanning includes on-push scans and automated rescans.
    • On-push scanning scans only when you push an image.
    • For both options you can refine the scanning scope through inclusion filters.

Managing multiple accounts with AWS Organizations

  • With Amazon Inspector you can manage multiple accounts that are associated through AWS Organizations.
  • To manage multiple Amazon Inspector accounts, the Organizations management account designates an account within the organization as the delegated administrator account for Amazon Inspector.
  • The delegated administrator manages Amazon Inspector for the organization and is granted special permissions to perform tasks on behalf of your organization.
  • These tasks include enabling or disabling scans for member accounts, viewing aggregated finding data from the entire organization, and the creation and management of suppression rules.
  • A delegated administrator is Regional.
  • An organization can have only one delegated administrator.
  • Changing a delegated administrator does not disable Amazon Inspector for member accounts.

Amazon Inspector integrations

  • Amazon ECR
    • You can use Amazon Inspector to scan container images residing in your Amazon ECR repositories for vulnerable operating system packages and programming language packages.
  • AWS Security Hub
    • Enabling Security Hub with Amazon Inspector automatically allows Amazon Inspector findings data to be ingested by Security Hub.

Reference

What is Amazon Inspector? - Amazon Inspector

举报

相关推荐

0 条评论