Amazon Inspector


Note: First time using Amazon Inspector? Please refer to the following documentation.

Introduction

Consolidate vulnerabilities: from a single console, you can consolidate and review the vulnerabilities identified by scans and develop action plans for vulnerability management.

This integration allows the import of issues (vulnerabilities) found in Amazon Inspector to Conviso Platform, allowing the user to take advantage of Conviso Platform's full potential for vulnerability management.

Requirements

The Conviso Platform and AWS Inspector Integration needs 3 pieces of information:

  • AWS Region;

  • AWS Access Key ID;

  • AWS Secret Access Key.

In the next section, you will be guided through the AWS Console to retrieve this data.

Amazon Inspector Setup

Log on to your AWS Console as an Administrator;

On the top bar menu, click on Services and then choose IAM.

On the menu to the left, click on Users.

At the right panel, click on the Add Users button.

Name the new user as you wish in the User Name field. In the Select AWS Access Type section, check the box next to Access Key - Programmatic Access. When done, click on the Next - Permissions button in the lower right corner of the form.

On the next form, choose the Attach existing policies directly option, then select the AmazonInspectorReadOnlyAccess policy. When done, click on the Next:Tags button in the lower right corner of the form.

This step is optional. Use it if you want to associate any tags with the new user. When done, click on the Next:Review button in the lower right corner of the form.

Review the new user data and click on the Create User button in the lower right corner of the form to finish the user configuration.

Note: This is the only time you are able to get your user's Secret Access Key. Beyond this point, if you do not copy the secret, you will be unable to recover it later!

Copy the Access Key ID and store it in a text file, to be able to recover it later. Next, click on the Show link next to the Secret Access Key to display it and copy it to a safe place. You will use this data later when configuring the Conviso Platform integration.

To get the AWS Region where your Amazon Inspector is configured, click on Services in the top menu bar and choose Amazon Inspector. Then, in the top menu bar, expand the Region menu to get the AWS Region string where your Amazon Inspector is configured (in our example, the AWS Region is us-west-2; change it according to your current configuration).
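
A least-privilege check for the IAM user created in the steps above, as an added example that is not part of the original documentation or Conviso's own code: it reads the JSON printed by four `aws iam` list commands and reports anything beyond the single AmazonInspectorReadOnlyAccess policy and one active access key. The user name `conviso-inspector`, the sample outputs and the one-key expectation are assumptions made for the example.

```python
# Managed policy the page attaches to the integration user.
EXPECTED_ARN = "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess"

def audit_integration_user(attached, inline, groups, keys):
    """Return findings; an empty list means the user matches the setup above.

    Each argument is the parsed JSON printed by, in order:
      aws iam list-attached-user-policies --user-name <user>
      aws iam list-user-policies --user-name <user>
      aws iam list-groups-for-user --user-name <user>
      aws iam list-access-keys --user-name <user>
    """
    findings = []
    arns = {p["PolicyArn"] for p in attached.get("AttachedPolicies", [])}
    if EXPECTED_ARN not in arns:
        findings.append("missing AmazonInspectorReadOnlyAccess")
    findings += [f"extra managed policy: {a}" for a in sorted(arns - {EXPECTED_ARN})]
    findings += [f"inline policy: {n}" for n in inline.get("PolicyNames", [])]
    # Group membership grants whatever the group's policies allow.
    findings += [f"group membership: {g['GroupName']}" for g in groups.get("Groups", [])]
    active = [k for k in keys.get("AccessKeyMetadata", []) if k["Status"] == "Active"]
    if len(active) != 1:
        findings.append(f"expected 1 active access key, found {len(active)}")
    return findings

# Constructed sample outputs for a hypothetical user "conviso-inspector".
GOOD = {
    "attached": {"AttachedPolicies": [
        {"PolicyName": "AmazonInspectorReadOnlyAccess", "PolicyArn": EXPECTED_ARN}]},
    "inline": {"PolicyNames": []},
    "groups": {"Groups": []},
    "keys": {"AccessKeyMetadata": [
        {"AccessKeyId": "AKIAIOSFODNN7EXAMPLE", "Status": "Active"}]},
}
# The same user after a broad policy, a group and a second key were added.
DRIFTED = {
    "attached": {"AttachedPolicies": GOOD["attached"]["AttachedPolicies"] + [
        {"PolicyName": "AdministratorAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
    "inline": {"PolicyNames": []},
    "groups": {"Groups": [{"GroupName": "developers"}]},
    "keys": {"AccessKeyMetadata": GOOD["keys"]["AccessKeyMetadata"] + [
        {"AccessKeyId": "AKIAI44QH8DHBEXAMPLE", "Status": "Active"}]},
}

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("drifted", DRIFTED)):
        print(label, audit_integration_user(**sample))
```

Running the same check periodically shows whether the user's permissions have drifted since the integration was set up.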


Conviso Platform Setup

Log in to the Conviso Platform;

In the left menu, choose Integrations. In the right panel, click on the Scanners menu option, then click on the Integrate button on the Amazon Inspector card.

Paste the data retrieved from AWS into the corresponding fields of the form. When done, click on the Save button to store your new integration configuration settings.