Overview
- Automated security assessment
Model
- Vulnerability Scanner
- Designed to be run during a Continuous Integration deployment pipeline
- NOT designed for Continuous Deployment
- Intended to be run on TEST environment
- Not an Intrusion Detection System (IDS)
- Not an Intrusion Prevention System (IPS)
- Uses an agent that includes sensors
- The agent reports telemetry to a central service
Assessment Target
- Assessed by Inspector
- Set of EC2 instances that accomplish a goal
- Must be described to Inspector
Assessment Template
- Instructions for analyzing the target for security vulnerabilities
- Contains one or more Rules Packages
Rules Package
- Set of security checks ("rules")
- Rules are grouped into packages that address a common goal
- Examples
  - PCI rules package
  - Network Security Best Practices
  - Authentication Best Practices
Assessment Run
- Individual assessment of the target based on the template
Finding
- Potential security threat
- Produced when telemetry gathered during the assessment run matches a rule
- Includes a detailed description, context, etc.
- Have attributes (metadata)
- Can be used to create a "workflow" (Status = New, Status = Triage)
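Added example (not from these notes or from AWS): using finding attributes to drive the New / Triage workflow described above. It assumes findings shaped like Inspector Classic DescribeFindings output and a client exposing add_attributes_to_findings; the sample findings are constructed.

```python
"""Added example (not the page's or AWS's own code): tag Amazon Inspector Classic
findings with a "Status" attribute to drive the New -> Triage workflow.
Assumed, not stated on the page: findings are shaped like DescribeFindings output
(keys arn, severity, userAttributes); the client has add_attributes_to_findings.
Sample findings below are constructed, not real scan output."""

ARN = "arn:aws:inspector:us-east-1:123456789012:target/0-EXAMPLE/finding/"  # constructed
SAMPLE_FINDINGS = [
    {"arn": ARN + "0-aaaa", "severity": "High", "userAttributes": []},
    {"arn": ARN + "0-bbbb", "severity": "Low", "userAttributes": []},
    {"arn": ARN + "0-cccc", "severity": "Medium",
     "userAttributes": [{"key": "Status", "value": "Triage"}]},
]
BATCH = 10  # assumed per-call limit on findingArns for add_attributes_to_findings

def get_attribute(finding, key):
    """Return the value of a user attribute on the finding, or None if unset."""
    for attr in finding.get("userAttributes", []):
        if attr["key"] == key:
            return attr["value"]
    return None

def next_status(finding):
    """Untagged High findings go straight to Triage, other untagged findings
    start as New, and findings already tagged keep their current state."""
    current = get_attribute(finding, "Status")
    if current is not None:
        return current
    return "Triage" if finding["severity"] == "High" else "New"

def plan_updates(findings):
    """Group ARNs that need a Status tag by the status they should get.
    Already-tagged findings are skipped, so re-running is idempotent."""
    updates = {}
    for f in findings:
        if get_attribute(f, "Status") is None:
            updates.setdefault(next_status(f), []).append(f["arn"])
    return updates

def apply_updates(client, updates):
    """Issue one add_attributes_to_findings call per batch; return call count."""
    calls = 0
    for status, arns in updates.items():
        for i in range(0, len(arns), BATCH):
            client.add_attributes_to_findings(
                findingArns=arns[i:i + BATCH],
                attributes=[{"key": "Status", "value": status}])
            calls += 1
    return calls
```

With boto3, `boto3.client("inspector")` is the object to pass as `client`; any object with the same method works for dry runs.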