Agent-less discovery of your AWS EC2 instances and installed packages leveraging AWS native inventory support.
Configuring your AWS Environment
Identify the instances that you need vulnerability tracking for via the AWS Console or AWS CLI. Ensure each of those instances has the SSM agent installed. More information can be found here:
Installing SSM on Linux
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-ssm-agent.html
Installing SSM on Windows (if needed):
Set Up Association
Set up an association between Systems Manager and State Manager using an AWS document (AWS-GatherSoftwareInventory).
Set Up Inventory Collection and Destination Bucket
Select the type of inventory that you would like to collect and an S3 bucket, with a bucket policy, that will receive that inventory. The bucket prefix does not need to be specified in the policy.
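The following added example is not part of the original page or of twigs: it builds a bucket policy of the kind this step needs and audits it, since the bucket will hold the package inventory of every tracked instance. The policy shape follows AWS's documented policy for inventory delivery by Systems Manager; the bucket name, account ID and the function names build_policy and audit_policy are assumptions.

```python
import json

SSM = "ssm.amazonaws.com"  # service principal that writes inventory to S3

def build_policy(bucket, account_id):
    """Bucket policy letting only this account's SSM deliver inventory (no prefix)."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "SSMBucketPermissionsCheck", "Effect": "Allow",
         "Principal": {"Service": SSM}, "Action": "s3:GetBucketAcl", "Resource": arn},
        {"Sid": "SSMBucketDelivery", "Effect": "Allow",
         "Principal": {"Service": SSM}, "Action": "s3:PutObject",
         "Resource": f"{arn}/*",  # whole bucket: no prefix needed
         "Condition": {"StringEquals": {
             "s3:x-amz-acl": "bucket-owner-full-control",
             "aws:SourceAccount": account_id}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, account_id):
    """Return findings for a policy on the inventory bucket; [] means it passed."""
    findings, delivery_ok = [], False
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid, principal = st.get("Sid", "<no Sid>"), st.get("Principal")
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS", []))):
            findings.append(f"{sid}: wildcard principal on inventory bucket, review")
            continue
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if SSM in services and "s3:PutObject" in _as_list(st.get("Action", [])):
            scoped = st.get("Condition", {}).get("StringEquals", {})
            if scoped.get("aws:SourceAccount") == account_id:
                delivery_ok = True
            else:
                findings.append(f"{sid}: SSM delivery lacks aws:SourceAccount scoping")
    if not delivery_ok:
        findings.append("no account-scoped SSM s3:PutObject statement")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    policy = build_policy("example-inventory-bucket", "111122223333")
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy, "111122223333"))
```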
Inventory in S3 Bucket
You should now see inventory in the S3 bucket for each instance that is configured for inventory collection. There will be a single JSON file corresponding to each instance.
Pull Asset Inventory Using twigs
Using the twigs CLI, you can now pull the inventory into your ThreatWorx instance (threatworx.io for public SaaS).
twigs -v aws --aws_account "[ACCOUNT_ID]" \
    --aws_access_key "[AWS_ACCESS_KEY]" \
    --aws_secret_key "[AWS_SECRET_KEY]" \
    --aws_region "[AWS_REGION]" \
    --aws_s3_bucket "[S3_BUCKET]"