Amazon Inspector
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.
Amazon configuration
Unlike the other AWS services, Amazon Inspector does not need to store logs in a bucket. Inspector works as a searcher: it retrieves information using the AWS API and provides an agent that analyzes it.
Wazuh configuration
Open the Wazuh configuration file (/var/ossec/etc/ossec.conf) and add the following configuration block to enable the integration with Inspector:

<wodle name="aws-s3">
  <disabled>no</disabled>
  <interval>10m</interval>
  <run_on_start>no</run_on_start>
  <skip_on_error>no</skip_on_error>
  <service type="inspector">
    <aws_profile>default</aws_profile>
  </service>
</wodle>
Users must specify at least one region. Multiple regions can be added, separated by commas.
Note
Check the AWS S3 module reference manual to learn more about each setting.
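A pre-restart check for the region requirement stated above, as an added example that is not part of the Wazuh documentation: it parses the configuration and lists the Inspector service entries that name no region. The `<regions>` element name comes from the Wazuh AWS S3 module reference rather than from this page; the sample configuration, region names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the block from this page plus a second service entry
# that sets <regions> (comma-separated, as the text describes).
SAMPLE_CONF = """
<ossec_config>
  <wodle name="aws-s3">
    <disabled>no</disabled>
    <interval>10m</interval>
    <run_on_start>no</run_on_start>
    <skip_on_error>no</skip_on_error>
    <service type="inspector">
      <aws_profile>default</aws_profile>
    </service>
    <service type="inspector">
      <aws_profile>default</aws_profile>
      <regions>us-east-1, us-west-2</regions>
    </service>
  </wodle>
</ossec_config>
"""

def inspector_services(conf_text):
    """Return one dict per <service type="inspector"> with profile and regions."""
    # ossec.conf can hold several <ossec_config> sections, so wrap the text
    # in one synthetic root before parsing (assumes no <?xml ?> declaration).
    root = ET.fromstring("<root>" + conf_text + "</root>")
    found = []
    for wodle in root.iter("wodle"):
        if wodle.get("name") != "aws-s3":
            continue
        # Assumption: a missing <disabled> element is treated as enabled.
        enabled = (wodle.findtext("disabled") or "no").strip() == "no"
        for svc in wodle.findall("service"):
            if svc.get("type") != "inspector":
                continue
            raw = svc.findtext("regions") or ""
            regions = [r.strip() for r in raw.split(",") if r.strip()]
            found.append({"profile": (svc.findtext("aws_profile") or "").strip(),
                          "enabled": enabled, "regions": regions})
    return found

def missing_regions(conf_text):
    """Indexes of enabled Inspector services that name no region."""
    return [i for i, s in enumerate(inspector_services(conf_text))
            if s["enabled"] and not s["regions"]]

if __name__ == "__main__":
    for i, svc in enumerate(inspector_services(SAMPLE_CONF)):
        print(i, svc["profile"], svc["regions"] or "NO REGION SET")
```

To check a live installation, pass the contents of /var/ossec/etc/ossec.conf to `missing_regions` instead of the sample.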
Restart Wazuh in order to apply the changes:
If you're configuring a Wazuh manager:
For Systemd:
# systemctl restart wazuh-manager
For SysV Init:
# service wazuh-manager restart
If you're configuring a Wazuh agent:
For Systemd:
# systemctl restart wazuh-agent
For SysV Init:
# service wazuh-agent restart