Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.
Amazon Inspector does not need to store logs into a bucket, like the other AWS services. The inspector works as a searcher, so it retrieves information using the AWS API and provides an agent that analyzes it.
Open the Wazuh configuration file (
/var/ossec/etc/ossec.conf) and add the following configuration block to enable the integration with Inspector:
<wodle name="aws-s3"> <disabled>no</disabled> <interval>10m</interval> <run_on_start>no</run_on_start> <skip_on_error>no</skip_on_error> <service type="inspector"> <aws_profile>default</aws_profile> </service> </wodle>
Users must specify at least a region. Multiple regions can be added separated by commas.
Check the AWS S3 module reference manual to learn more about each setting.
Restart Wazuh in order to apply the changes:
If you’re configuring a Wazuh manager:
# systemctl restart wazuh-manager
For SysV Init:
# service wazuh-manager restart
If you’re configuring a Wazuh agent:
# systemctl restart wazuh-agent
For SysV Init:
# service wazuh-agent restart