
Tools

AWS Audit Manager

aws-audit-manager

AWS Audit Manager Demo 2021 | Amazon Web Services - YouTube

AWS Security Hub

Automate AWS security checks and centralize security alerts

Features

  1. Simple multi-account setup via AWS Organizations
  2. Cross-region and cross-account aggregation of findings
  3. Automated security checks (standards and controls)
  4. Integrations with AWS services and partner products for finding aggregation
  5. Automated response and remediation

Key use cases

  • CSPM - Cloud Security Posture Management
  • SIEM - Security Information and Event Management
  • SOAR - Security Orchestration, Automation, and Response

AWS Security Hub

An Overview of AWS Security Hub | Amazon Web Services - YouTube

Security Hub vs Audit Manager

For small organizations without a lot of assets and findings, Security Hub on its own is probably sufficient. For larger organizations or those that have lots of assets and findings, Audit Manager can be extremely helpful in cutting down the noise of everything else and helping you or your external auditors focus on the task at hand.

AWS Audit Manager vs Security Hub : r/aws

ScoutSuite

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.

The following cloud providers are currently supported/planned:

  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform
  • Alibaba Cloud (alpha)
  • Oracle Cloud Infrastructure (alpha)

GitHub - nccgroup/ScoutSuite: Multi-Cloud Security Auditing Tool

Docker Image · nccgroup/ScoutSuite Wiki · GitHub

Running ScoutSuite (clone the ScoutSuite repo first and run from its root; "zen" is the AWS CLI profile whose credentials are used for the API calls):

python scout.py aws --profile zen

Docker Scout (Docker's container-image vulnerability scanner; a separate tool from Scout Suite, despite the similar name):

# View a summary of image vulnerabilities and recommendations
docker scout quickview clickhouse/clickhouse-server

# View vulnerabilities (CVEs) found in the image's packages
docker scout cves clickhouse/clickhouse-server

# View base image update recommendations
docker scout recommendations clickhouse/clickhouse-server

https://github.com/tensult/cloud-reports

https://www.verygoodsecurity.com/control

https://github.com/toniblyx/my-arsenal-of-aws-security-tools

https://cloudcustodian.io

Overview - Komiser

OpenSCAP

The Security Content Automation Protocol (SCAP) is a U.S. standard maintained by the National Institute of Standards and Technology (NIST).

GitHub - OpenSCAP/openscap: NIST Certified SCAP 1.2 toolkit

Trivy

Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.

Targets (what Trivy can scan):

  • Container Image
  • Filesystem
  • Git Repository (remote)
  • Virtual Machine Image
  • Kubernetes
  • AWS

Scanners (what Trivy can find there):

  • OS packages and software dependencies in use (SBOM)
  • Known vulnerabilities (CVEs)
  • IaC issues and misconfigurations
  • Sensitive information and secrets
  • Software licenses

GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Trivy Home - Trivy

Terrascan

Detect compliance and security violations across Infrastructure as Code (IaC) to mitigate risk before provisioning cloud native infrastructure.

Policy as Code for Secure Cloud Infrastructure

As you embrace Infrastructure as Code (IaC) such as Terraform, Kubernetes, Argo CD, Atlantis and AWS CloudFormation, it is important to ensure that security best practices and compliance requirements are observed. Terrascan provides 500+ out-of-the-box policies so that you can scan IaC against common policy standards such as the CIS Benchmark. It leverages the Open Policy Agent (OPA) engine so that you can easily create custom policies using the Rego query language.

runterrascan.io

GitHub - tenable/terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

What is Terrascan: Benefits, Key Features, and Examples | env0

What is Terrascan? Features, Use Cases & Custom Policies

Gitleaks

Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code.

Gitleaks

GitHub - gitleaks/gitleaks: Protect and discover secrets using Gitleaks 🔑

Others