Starting in March 2018, new features are being rolled out for Alert Logic® Cloud Insight™ and Cloud Insight Essentials to improve vulnerability scanning and help you identify remediation actions.
- Improved Vulnerability Scanning. You can now save on Amazon Web Services (AWS) infrastructure costs during idle scan times. In addition, our scanning instance extends support for new EC2 instance types and AWS regions.
- Remediation Category Filters. New filtering options are available in the Alert Logic console to help you search for and separate remediations that are specific to AWS configurations, software vulnerabilities, and other scenarios.
Read on for more information about these new features.
Improved Vulnerability Scanning
Prior to this release, the EC2 instance used to perform vulnerability scans (i.e. the scanning instance) would run 24x7x365, even in scenarios where there were no customer instances to scan. With this release, Cloud Insight recognizes when it has finished scanning your instances and updates its Auto Scaling group to terminate the scanning instance. When new instances are detected, or if it’s been 24 hours since the last scan of an existing instance, the Auto Scaling group will spin up a new scanning instance and Cloud Insight will continue scanning.
Alert Logic will be rolling out the new AMI and software release to customers over the coming weeks in a phased release. After the update and as noted above, you will see the Auto Scaling group launch and terminate the scanning instance based on activity in your environment. If you have CloudWatch alarms that monitor the scanning instance, or if you need additional time to update your launch templates (CloudFormation, Terraform, etc.), you can manually disable Auto Scaling for the scanning instance by following the steps in the Manually Disable or Enable Auto Scaling for Cloud Insight Vulnerability Scanner knowledge base article.
Remediation Category Filters
The Remediation menu is a great place to help identify AWS configuration settings and Common Vulnerabilities and Exposures (CVEs) that are high priority and need immediate attention. Customers have asked for an easier way to search for and separate remediations that are specific to AWS configurations, software vulnerabilities, and other scenarios.
Now, you can use prebuilt category filters that separate remediations into three categories:
- AWS Configuration Checks: These remediations require changes to configurations that go against AWS Best Security Practices, such as allowing global write access to an S3 bucket.
- Vulnerability Scanning: These remediations require updates to your software to address known CVEs, such as upgrading Apache Tomcat to the latest version.
- Alert Logic Configuration: These remediations require configuration changes so that Cloud Insight Essentials can identify how you're using AWS, such as having insufficient IAM permissions for Cloud Insight Essentials to determine if you are using Amazon GuardDuty.
These new category filters are available to all Cloud Insight and Cloud Insight Essentials customers at no additional charge.
If you would like more information, please post your questions in the Cloud Insight Essentials community.