Tools
AWS Audit Manager
AWS Audit Manager Demo 2021 | Amazon Web Services - YouTube
AWS Security Hub
Automate AWS security checks and centralize security alerts
Features
- Simple multi-account setup via AWS Organizations
- Cross-region and cross-account aggregation of findings
- Automated security checks (standards and controls)
- Integrations with AWS services and partner products for finding aggregation
- Automated response and remediation
Key use cases
- CSPM - Cloud Security Posture Management
- SIEM - Security Information and Event Management
- SOAR - Security Orchestration, Automation, and Response
An Overview of AWS Security Hub | Amazon Web Services - YouTube
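The "automated response and remediation" feature above usually means an EventBridge rule on the "Security Hub Findings - Imported" detail type that hands each batch of ASFF findings to a Lambda. The triage step that Lambda has to do is shown below as an added example (not AWS code and not from any of the linked pages). The event envelope and the ASFF field names (Severity.Label, Compliance.Status, Workflow.Status, RecordState, GeneratorId, Resources) are the real ones; the findings, the GeneratorId strings and the PLAYBOOKS table are constructed for illustration.

```python
"""Triage Security Hub findings arriving via EventBridge and pick a remediation playbook.

Added example, not AWS code. Assumes an EventBridge rule on the
"Security Hub Findings - Imported" detail type invoking this handler as a Lambda.
The event envelope and ASFF field names are real; the finding contents and the
PLAYBOOKS table are constructed for illustration.
"""
import json

SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Hypothetical: suffix of a GeneratorId -> name of the playbook that fixes it.
PLAYBOOKS = {
    "example-control/S3-PUBLIC": "restrict-s3-public-access",
    "example-control/SG-OPEN-SSH": "revoke-open-ssh-ingress",
}


def actionable(finding, min_severity="HIGH"):
    """True if a finding still needs a response.

    Only ACTIVE findings whose workflow status is NEW are considered, so
    suppressed or resolved ones are not re-remediated on every re-import.
    A Compliance block (standards controls) must read FAILED; findings
    without one (e.g. threat detections) are judged on severity alone.
    """
    if finding.get("RecordState", "ACTIVE") != "ACTIVE":
        return False
    if finding.get("Workflow", {}).get("Status", "NEW") != "NEW":
        return False
    compliance = finding.get("Compliance", {}).get("Status")
    if compliance is not None and compliance != "FAILED":
        return False
    label = finding.get("Severity", {}).get("Label", "INFORMATIONAL")
    return SEVERITY_RANK.get(label, 0) >= SEVERITY_RANK[min_severity]


def plan_remediations(event, min_severity="HIGH"):
    """Return (finding_id, resource_id, playbook) for every actionable finding.

    Controls with no automated playbook are routed to 'manual-review' rather
    than dropped, so nothing severe silently disappears.
    """
    plan = []
    for finding in event.get("detail", {}).get("findings", []):
        if not actionable(finding, min_severity):
            continue
        generator = finding.get("GeneratorId", "")
        playbook = next(
            (name for suffix, name in PLAYBOOKS.items() if generator.endswith(suffix)),
            "manual-review",
        )
        for resource in finding.get("Resources", []):
            plan.append((finding["Id"], resource["Id"], playbook))
    return plan


def lambda_handler(event, context):
    """Lambda entry point: log the plan; a real handler would invoke each playbook."""
    plan = plan_remediations(event)
    print(json.dumps([{"finding": f, "resource": r, "playbook": p} for f, r, p in plan]))
    return {"remediations": len(plan)}


# Constructed sample event in the shape EventBridge delivers (account ID is the AWS docs placeholder).
SAMPLE_EVENT = {
    "detail-type": "Security Hub Findings - Imported",
    "source": "aws.securityhub",
    "detail": {"findings": [
        {   # failing control, HIGH, new: gets the S3 playbook
            "Id": "arn:aws:securityhub:us-east-1:111122223333:finding/example-1",
            "GeneratorId": "example-control/S3-PUBLIC",
            "Severity": {"Label": "HIGH"}, "Compliance": {"Status": "FAILED"},
            "Workflow": {"Status": "NEW"}, "RecordState": "ACTIVE",
            "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}],
        },
        {   # same control but an analyst suppressed it: skipped
            "Id": "arn:aws:securityhub:us-east-1:111122223333:finding/example-2",
            "GeneratorId": "example-control/S3-PUBLIC",
            "Severity": {"Label": "HIGH"}, "Compliance": {"Status": "FAILED"},
            "Workflow": {"Status": "SUPPRESSED"}, "RecordState": "ACTIVE",
            "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket-2"}],
        },
        {   # threat detection with no Compliance block, CRITICAL: manual review
            "Id": "arn:aws:securityhub:us-east-1:111122223333:finding/example-3",
            "GeneratorId": "example-detector/Backdoor",
            "Severity": {"Label": "CRITICAL"},
            "Workflow": {"Status": "NEW"}, "RecordState": "ACTIVE",
            "Resources": [{"Type": "AwsEc2Instance",
                           "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"}],
        },
        {   # failing but LOW: below the threshold
            "Id": "arn:aws:securityhub:us-east-1:111122223333:finding/example-4",
            "GeneratorId": "example-control/SG-OPEN-SSH",
            "Severity": {"Label": "LOW"}, "Compliance": {"Status": "FAILED"},
            "Workflow": {"Status": "NEW"}, "RecordState": "ACTIVE",
            "Resources": [{"Type": "AwsEc2SecurityGroup", "Id": "sg-0123456789abcdef0"}],
        },
    ]},
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

The Workflow.Status check matters in practice: Security Hub re-imports the same finding on every evaluation, so a responder that ignores workflow state will re-run the playbook until someone sets the finding to RESOLVED or SUPPRESSED.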
Security Hub vs Audit Manager
For small organizations with not a lot of assets and findings, Security Hub on its own is probably sufficient. For larger organizations or those that have lots of assets and findings, Audit Manager can be extremely helpful in cutting down the noise of everything else and helping you or your external auditors focus on their task at hand.
AWS Audit Manager vs Security Hub : r/aws
ScoutSuite
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.
The following cloud providers are currently supported/planned:
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
- Alibaba Cloud (alpha)
- Oracle Cloud Infrastructure (alpha)
GitHub - nccgroup/ScoutSuite: Multi-Cloud Security Auditing Tool
Docker Image · nccgroup/ScoutSuite Wiki · GitHub
Running ScoutSuite (clone the ScoutSuite repo first; "zen" is the AWS CLI profile to scan with)
python scout.py aws --profile zen
Docker Scout (Docker's own image scanner, unrelated to ScoutSuite despite the similar name)
# View a summary of image vulnerabilities and recommendations
docker scout quickview clickhouse/clickhouse-server
# View vulnerabilities
docker scout cves clickhouse/clickhouse-server
# View base image update recommendations
docker scout recommendations clickhouse/clickhouse-server
https://github.com/tensult/cloud-reports
https://www.verygoodsecurity.com/control
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
OpenSCAP
Security Content Automation Protocol (SCAP) is a U.S. standard maintained by the National Institute of Standards and Technology (NIST).
GitHub - OpenSCAP/openscap: NIST Certified SCAP 1.2 toolkit
Trivy
Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.
Targets (what Trivy can scan):
- Container Image
- Filesystem
- Git Repository (remote)
- Virtual Machine Image
- Kubernetes
- AWS
Scanners (what Trivy can find there):
- OS packages and software dependencies in use (SBOM)
- Known vulnerabilities (CVEs)
- IaC issues and misconfigurations
- Sensitive information and secrets
- Software licenses
How To Use Trivy To Scan Docker Images For Vulnerabilities
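Scanning is only half the job; the other half is deciding, in CI, which of the three finding kinds above (vulnerabilities, misconfigurations, secrets) block the build. The gate below is an added example, not part of Trivy and not from the linked article. It reads the report that `trivy image --format json -o report.json <image>` writes; the top-level layout (Results[] with Vulnerabilities, Misconfigurations and Secrets lists) is Trivy's real JSON shape, while the report content is constructed and the CVE-EXAMPLE-* IDs are placeholders, not real CVEs.

```python
"""Gate a CI job on a Trivy JSON report.

Added example, not Trivy code. Report layout follows Trivy's JSON output
(Results[].Vulnerabilities / .Misconfigurations / .Secrets); SAMPLE_REPORT
is constructed and the CVE-EXAMPLE-* identifiers are placeholders.
"""
import json
import sys

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed report: one OS-package result, one Dockerfile result, one secret result.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example/app:1.0",
    "Results": [
        {"Target": "example/app:1.0 (alpine 3.18)", "Class": "os-pkgs", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "libexample",
              "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "libother",
              "InstalledVersion": "2.0.0", "Severity": "HIGH"},          # no fix available yet
             {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "libminor",
              "InstalledVersion": "3.0.0", "FixedVersion": "3.0.1", "Severity": "LOW"},
         ]},
        {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile",
         "Misconfigurations": [
             {"ID": "DS002", "Title": "Image user should not be 'root'",
              "Severity": "HIGH", "Status": "FAIL"},
             {"ID": "DS026", "Title": "No HEALTHCHECK defined",
              "Severity": "LOW", "Status": "PASS"},
         ]},
        {"Target": "app/config.py", "Class": "secret",
         "Secrets": [{"RuleID": "aws-access-key-id", "Title": "AWS Access Key ID",
                      "Severity": "CRITICAL", "StartLine": 3}]},
    ],
})


def load_findings(report_json):
    """Flatten a Trivy report into (kind, target, id, severity, fixable) tuples.

    Trivy emits null (not an empty list) for scanners that found nothing,
    hence the `or []`. Passing misconfiguration checks are dropped here.
    """
    report = json.loads(report_json)
    findings = []
    for result in report.get("Results") or []:
        target = result.get("Target", "?")
        for v in result.get("Vulnerabilities") or []:
            findings.append(("vuln", target, v["VulnerabilityID"],
                             v.get("Severity", "UNKNOWN"), bool(v.get("FixedVersion"))))
        for m in result.get("Misconfigurations") or []:
            if m.get("Status") == "FAIL":
                findings.append(("misconfig", target, m["ID"], m.get("Severity", "UNKNOWN"), True))
        for s in result.get("Secrets") or []:
            findings.append(("secret", target, s["RuleID"], s.get("Severity", "UNKNOWN"), True))
    return findings


def gate(report_json, fail_on="HIGH", ignore_unfixed=False):
    """Return (passed, blocking) where blocking lists the findings that fail the build.

    Vulnerabilities and failed misconfigurations block at or above `fail_on`;
    `ignore_unfixed` mirrors Trivy's --ignore-unfixed for vulnerabilities only.
    A detected secret blocks regardless of its severity label: a leaked
    credential has to be rotated, not triaged against a threshold.
    """
    threshold = SEVERITY_RANK[fail_on]
    blocking = []
    for kind, target, ident, severity, fixable in load_findings(report_json):
        if kind == "secret":
            blocking.append((kind, target, ident, severity))
            continue
        if ignore_unfixed and kind == "vuln" and not fixable:
            continue
        if SEVERITY_RANK.get(severity, 0) >= threshold:
            blocking.append((kind, target, ident, severity))
    return (len(blocking) == 0, blocking)


if __name__ == "__main__":
    # Usage: python gate.py report.json   (falls back to the constructed sample)
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    ok, blocking = gate(data, fail_on="HIGH", ignore_unfixed=True)
    for kind, target, ident, severity in blocking:
        print(f"{severity:9} {kind:9} {ident} ({target})")
    sys.exit(0 if ok else 1)
```

Using `--ignore-unfixed` (here the `ignore_unfixed` flag) keeps the gate from blocking on distro packages that have no patched version yet; the unfixed findings are still worth reporting, just not worth failing every build over.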
Terrascan
Detect compliance and security violations across Infrastructure as Code (IaC) to mitigate risk before provisioning cloud native infrastructure.
Policy as Code for Secure Cloud Infrastructure
As you embrace Infrastructure as Code (IaC) such as Terraform, Kubernetes, Argo CD, Atlantis and AWS CloudFormation, it is important to ensure that security best practices and compliance requirements are observed. Terrascan provides 500+ out-of-the-box policies so that you can scan IaC against common policy standards such as the CIS Benchmark. It leverages the Open Policy Agent (OPA) engine so that you can easily create custom policies using the Rego query language.
What is Terrascan: Benefits, Key Features, and Examples | env0
What is Terrascan? Features, Use Cases & Custom Policies
Gitleaks
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code.
GitHub - gitleaks/gitleaks: Protect and discover secrets using Gitleaks 🔑
Others
- SOC 2, HIPAA, ISO 27001, PCI, and GDPR Compliance
- Home - Sprinto - Continuous Security & Compliance Platform - Sprinto
- Scrut Automation - Simplified continuous compliance automation
- Falco
- Falco is a cloud-native security tool designed for Linux systems. It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts. Falco helps you gain visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security.