Instances without Inspector runs in the last 30 days
AWS Inspector is a security assessment service used to assess applications for vulnerabilities and deviations from best practices. Inspector scans should be run regularly; CloudGuard recommends running Inspector at least once a week. This rule makes sure that Inspector runs at least once every 30 days on all instances.
Risk Level: Low
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.AWS.VLN.02
Covered by Spectral: No
Category: Compute
GSL LOGIC
Instance where autoScalingGroup.id isEmpty() and launchTime before(-1, 'days') and region in('eu_central_1','eu_west_1','eu_west_2','ap_south_1','us_west_1','us_east_1','us_east_2','us_west_2','ap_northeast_2','eu_north_1','ap_southeast_2','ap_northeast_1','us_gov_east_1','us_gov_west_1') should have scanners.scans contain [source = 'Inspector' and startTime after(-30, 'days') and state in ('COMPLETED') ]
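To make the GSL expression above concrete, the following is an added Python example (not CloudGuard's or AWS's code) that evaluates the same conditions over a handful of constructed instance records. The record layout (autoScalingGroup.id, launchTime, region, scanners.scans with source, state and startTime) mirrors the attribute names used in the GSL expression; how CloudGuard actually materialises these fields, and the instance identifiers and timestamps below, are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

# Regions named in the rule's "region in(...)" clause (GSL spells them with underscores).
RULE_REGIONS = {
    "eu_central_1", "eu_west_1", "eu_west_2", "ap_south_1", "us_west_1",
    "us_east_1", "us_east_2", "us_west_2", "ap_northeast_2", "eu_north_1",
    "ap_southeast_2", "ap_northeast_1", "us_gov_east_1", "us_gov_west_1",
}

SCAN_WINDOW = timedelta(days=30)   # "startTime after(-30, 'days')"
LAUNCH_GRACE = timedelta(days=1)   # "launchTime before(-1, 'days')"


def _ts(value):
    """Parse an ISO 8601 timestamp with offset into an aware datetime."""
    return datetime.fromisoformat(value)


def is_in_scope(instance, now):
    """Mirror the 'Instance where ...' filter: not in an ASG, launched more than
    a day ago, and in one of the listed regions."""
    asg_id = (instance.get("autoScalingGroup") or {}).get("id")
    return (
        not asg_id
        and _ts(instance["launchTime"]) < now - LAUNCH_GRACE
        and instance["region"] in RULE_REGIONS
    )


def has_recent_inspector_scan(instance, now):
    """Mirror the 'should have scanners.scans contain [...]' clause: at least one
    COMPLETED Inspector scan whose startTime is within the last 30 days."""
    cutoff = now - SCAN_WINDOW
    scans = (instance.get("scanners") or {}).get("scans") or []
    return any(
        s.get("source") == "Inspector"
        and s.get("state") == "COMPLETED"
        and _ts(s["startTime"]) > cutoff
        for s in scans
    )


def evaluate_rule(instances, now=None):
    """Return the ids of in-scope instances that fail the rule, in input order."""
    now = now or datetime.now(timezone.utc)
    return [
        inst["id"]
        for inst in instances
        if is_in_scope(inst, now) and not has_recent_inspector_scan(inst, now)
    ]


# Constructed evaluation time and sample records (not real account data).
NOW = datetime(2024, 1, 31, 12, 0, tzinfo=timezone.utc)

SAMPLE_INSTANCES = [
    # Member of an Auto Scaling group: excluded by the "autoScalingGroup.id isEmpty()" filter.
    {"id": "i-asg-member", "autoScalingGroup": {"id": "asg-web"}, "region": "us_east_1",
     "launchTime": "2023-12-01T00:00:00+00:00", "scanners": {"scans": []}},
    # Launched two hours ago: excluded by the one-day launch grace period.
    {"id": "i-new", "autoScalingGroup": {}, "region": "us_east_1",
     "launchTime": "2024-01-31T10:00:00+00:00", "scanners": {"scans": []}},
    # Region not in the rule's list: out of scope.
    {"id": "i-other-region", "autoScalingGroup": {}, "region": "ap_southeast_1",
     "launchTime": "2023-12-01T00:00:00+00:00", "scanners": {"scans": []}},
    # Completed Inspector scan 10 days ago: compliant.
    {"id": "i-scanned", "autoScalingGroup": {}, "region": "eu_west_1",
     "launchTime": "2023-12-01T00:00:00+00:00",
     "scanners": {"scans": [{"source": "Inspector", "state": "COMPLETED",
                             "startTime": "2024-01-21T08:00:00+00:00"}]}},
    # Last completed scan 45 days ago: outside the 30-day window, non-compliant.
    {"id": "i-stale", "autoScalingGroup": {}, "region": "eu_west_1",
     "launchTime": "2023-11-01T00:00:00+00:00",
     "scanners": {"scans": [{"source": "Inspector", "state": "COMPLETED",
                             "startTime": "2023-12-17T08:00:00+00:00"}]}},
    # Recent scan still RUNNING: the rule requires COMPLETED, so non-compliant.
    {"id": "i-running-scan", "autoScalingGroup": {}, "region": "us_west_2",
     "launchTime": "2023-12-01T00:00:00+00:00",
     "scanners": {"scans": [{"source": "Inspector", "state": "RUNNING",
                             "startTime": "2024-01-29T08:00:00+00:00"}]}},
    # No scans at all: non-compliant.
    {"id": "i-no-scans", "autoScalingGroup": {}, "region": "us_east_2",
     "launchTime": "2023-12-01T00:00:00+00:00", "scanners": {"scans": []}},
]

if __name__ == "__main__":
    for instance_id in evaluate_rule(SAMPLE_INSTANCES, NOW):
        print(f"non-compliant: {instance_id}")
```

Two details of the rule are easy to miss and are worth checking in your own tooling: an in-progress scan does not satisfy it, because the GSL clause requires state COMPLETED, and instances launched within the last day are deliberately left out so that a freshly created host is not flagged before its first scan has had a chance to run.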
REMEDIATION
Configure AWS Inspector to run at least once every 30 days.
CloudGuard recommends running Inspector at least once a week.
For more information on AWS Inspector installation see: https://docs.aws.amazon.com/inspector/latest/userguide/inspector_quickstart.html
Amazon EC2 Instance
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
Compliance Frameworks
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS CloudGuard Well Architected Framework
- AWS GDPR Readiness
- AWS HITRUST
- AWS ISO 27001:2013
- AWS ITSG-33
- AWS LGPD regulation
- AWS MAS TRM Framework
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-171
- AWS NIST 800-53 Rev 4
- AWS NIST 800-53 Rev 5
- AWS NIST CSF v1.1
- AWS PCI-DSS 3.2
Updated about 1 year ago