Instances without Inspector runs in the last 30 days

AWS Inspector is a security assessment service used to assess applications for vulnerabilities and deviations from best practices. It is recommended to run AWS Inspector scans regularly; CloudGuard recommends running Inspector at least once a week. This rule flags instances on which no Inspector scan has completed in the last 30 days.

Risk Level: Low
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.AWS.VLN.02
Covered by Spectral: No
Category: Compute

GSL LOGIC

Instance where autoScalingGroup.id isEmpty() and launchTime before(-1, 'days') and region in('eu_central_1','eu_west_1','eu_west_2','ap_south_1','us_west_1','us_east_1','us_east_2','us_west_2','ap_northeast_2','eu_north_1','ap_southeast_2','ap_northeast_1','us_gov_east_1','us_gov_west_1') should have scanners.scans contain [source = 'Inspector' and startTime after(-30, 'days') and state in ('COMPLETED') ]
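To show what the GSL logic above evaluates, here is an added Python re-implementation of the rule run over a constructed instance inventory (example code, not CloudGuard's engine; the record layout, the fixed clock and the helper names are assumptions).

```python
from datetime import datetime, timedelta, timezone

# Regions in scope for the rule, as listed in the GSL logic above.
COVERED_REGIONS = {
    'eu_central_1', 'eu_west_1', 'eu_west_2', 'ap_south_1', 'us_west_1',
    'us_east_1', 'us_east_2', 'us_west_2', 'ap_northeast_2', 'eu_north_1',
    'ap_southeast_2', 'ap_northeast_1', 'us_gov_east_1', 'us_gov_west_1',
}

def in_scope(instance, now):
    """GSL 'where' clause: not in an ASG, launched over a day ago, in a covered region."""
    if instance.get('autoScalingGroup', {}).get('id'):
        return False
    if instance['launchTime'] > now - timedelta(days=1):
        return False
    return instance['region'] in COVERED_REGIONS

def has_recent_inspector_scan(instance, now):
    """GSL 'should have' clause: a COMPLETED Inspector scan started in the last 30 days."""
    cutoff = now - timedelta(days=30)
    return any(
        s['source'] == 'Inspector' and s['state'] == 'COMPLETED' and s['startTime'] > cutoff
        for s in instance.get('scanners', {}).get('scans', [])
    )

def evaluate(instances, now=None):
    """Return the ids of in-scope instances that fail rule D9.AWS.VLN.02."""
    now = now or datetime.now(timezone.utc)
    return [i['id'] for i in instances
            if in_scope(i, now) and not has_recent_inspector_scan(i, now)]

# Constructed sample inventory (not real AWS data); 'now' is fixed so results are stable.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
def _instance(iid, region, launch_days_ago, asg_id='', scans=()):
    return {'id': iid, 'region': region, 'autoScalingGroup': {'id': asg_id},
            'launchTime': NOW - timedelta(days=launch_days_ago),
            'scanners': {'scans': [{'source': src, 'state': state,
                                    'startTime': NOW - timedelta(days=d)}
                                   for src, state, d in scans]}}

SAMPLE = [
    _instance('i-compliant', 'us_east_1', 90, scans=[('Inspector', 'COMPLETED', 3)]),
    _instance('i-stale-scan', 'eu_west_1', 90, scans=[('Inspector', 'COMPLETED', 45)]),
    _instance('i-never-scanned', 'us_west_2', 200),
    _instance('i-failed-scan', 'ap_south_1', 60, scans=[('Inspector', 'FAILED', 2)]),
    _instance('i-in-asg', 'us_east_1', 90, asg_id='asg-web'),  # excluded by ASG filter
    _instance('i-just-launched', 'us_east_1', 0.5),             # excluded by launchTime filter
    _instance('i-other-region', 'sa_east_1', 90),              # region not covered by the rule
]
```

Calling `evaluate(SAMPLE, NOW)` returns the three non-compliant ids; instances in an auto scaling group, launched within the last day, or outside the covered regions are never reported, which matches the rule's own scoping.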

REMEDIATION

Configure AWS Inspector to run at least once every 30 days.
CloudGuard recommends running Inspector at least once a week.
For more information on AWS Inspector installation see: https://docs.aws.amazon.com/inspector/latest/userguide/inspector_quickstart.html

Amazon EC2 Instance

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

Compliance Frameworks

  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS CloudGuard Well Architected Framework
  • AWS GDPR Readiness
  • AWS HITRUST
  • AWS ISO 27001:2013
  • AWS ITSG-33
  • AWS LGPD regulation
  • AWS MAS TRM Framework
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-171
  • AWS NIST 800-53 Rev 4
  • AWS NIST 800-53 Rev 5
  • AWS NIST CSF v1.1
  • AWS PCI-DSS 3.2