Audit the AWS Environment

You can use Tenable.io to audit your Amazon Web Services environment and detect misconfigurations in your cloud resources and account settings. Complete the following steps to configure AWS for successful Audit Cloud Infrastructure assessments with Tenable.io.

Note: Tenable recommends that you create a new read-only access AWS account just for Tenable.io. If you experience issues, see AWS Audit Troubleshooting.

To audit the AWS environment, you must complete the following tasks:

Create a Read-Only Group in AWS

To create a read-only group in AWS:

  1. Log in to your AWS account.

  2. Click My Account > AWS Management Console.

    The AWS Management Console appears.

  3. Click Services.

    The Services page appears.

  4. In the Security, Identity, and Compliance section, click IAM.

    The IAM control panel appears.

  5. In the left panel, click Groups.

    The Groups page appears.

  6. Click Create New Group.

    The Create New Group Wizard appears.

  7. In the Group Name box, type a name for the read-only group.

  8. Click Next Step.

    The Attach Policy screen appears.

  9. Select the ReadOnlyAccess AWS managed policy.

  10. (Optional) On the Attach Policy screen, select the SecurityAudit AWS managed policy.
  11. Click Next Step.

    The Review page appears.

  12. Review the group information.
  13. Click Create Group.

    AWS creates the read-only group.

Create a Scanning User in AWS

To create a scanning user in AWS:

  1. Log in to your AWS account.

  2. Click Users > Add Users.

    The Add User page appears.

  3. In the Set user details section, in the User name text box, type a name for the user.
  4. In the Select AWS access type section, select the Programmatic access check box.

  5. Click Next: Permissions.

    The Set permissions page appears.

  6. Click Add user to group.
  7. In the Add user to group section, select the read-only group you previously created.

  8. Click Next: Tags.

    The Tags page appears.

  9. (Optional) Configure any tags you want to add to the user profile.
  10. Click Next: Review.

    The Review page appears.

  11. Review the user profile.
  12. Click Create User.

    An Access key ID and Secret access key appear.

  13. Copy the Access key ID and Secret access key to use to configure the Audit Cloud Infrastructure in Tenable.io.
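
The two procedures above grant the scanning user its permissions only through the read-only group, with the ReadOnlyAccess managed policy plus the optional SecurityAudit policy. The following Python example is added here and is not Tenable's code; it checks that an IAM snapshot still matches that layout (no direct or inline policies on the user, no unexpected policies on the group). The snapshot is a constructed dict in the shape returned by IAM GetAccountAuthorizationDetails; the user and group names are assumed.

```python
# Added example (not Tenable's code): verify the scanning user created above is
# still least-privilege. The snapshot is constructed in the shape of the IAM
# GetAccountAuthorizationDetails response; feed in real output in practice.
from typing import Dict, List

READ_ONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"
SECURITY_AUDIT_ARN = "arn:aws:iam::aws:policy/SecurityAudit"  # optional per the procedure
ALLOWED_GROUP_POLICIES = {READ_ONLY_ARN, SECURITY_AUDIT_ARN}


def audit_scanning_user(snapshot: Dict, user_name: str) -> List[str]:
    """Return findings; an empty list means the user matches the documented setup."""
    findings: List[str] = []
    users = {u["UserName"]: u for u in snapshot.get("UserDetailList", [])}
    groups = {g["GroupName"]: g for g in snapshot.get("GroupDetailList", [])}
    user = users.get(user_name)
    if user is None:
        return [f"user {user_name} not found"]
    # Permissions must come only from the read-only group, never from the user itself.
    if user.get("AttachedManagedPolicies"):
        findings.append("user has directly attached managed policies")
    if user.get("UserPolicyList"):
        findings.append("user has inline policies")
    if len(user.get("GroupList", [])) != 1:
        findings.append("user should be in exactly one (read-only) group")
    for group_name in user.get("GroupList", []):
        group = groups.get(group_name, {})
        arns = {p["PolicyArn"] for p in group.get("AttachedManagedPolicies", [])}
        if READ_ONLY_ARN not in arns:
            findings.append(f"group {group_name} lacks ReadOnlyAccess")
        for extra in sorted(arns - ALLOWED_GROUP_POLICIES):
            findings.append(f"group {group_name} has unexpected policy {extra}")
        if group.get("GroupPolicyList"):
            findings.append(f"group {group_name} has inline policies")
    return findings


# Constructed snapshot (assumed names): a user set up exactly as the steps describe.
COMPLIANT = {
    "UserDetailList": [{"UserName": "tenable-scan", "GroupList": ["tenable-readonly"],
                        "AttachedManagedPolicies": [], "UserPolicyList": []}],
    "GroupDetailList": [{"GroupName": "tenable-readonly", "GroupPolicyList": [],
                         "AttachedManagedPolicies": [
                             {"PolicyName": "ReadOnlyAccess", "PolicyArn": READ_ONLY_ARN},
                             {"PolicyName": "SecurityAudit", "PolicyArn": SECURITY_AUDIT_ARN}]}],
}

if __name__ == "__main__":
    print(audit_scanning_user(COMPLIANT, "tenable-scan") or "OK: least-privilege as documented")
```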

Configure AWS Audit Cloud Infrastructure in Tenable.io

To configure AWS Audit Cloud Infrastructure in Tenable.io:

  1. Log in to Tenable.io.
  2. In the top navigation bar, click Scans.

    The My Scans page appears.

  3. In the upper-right corner, click the New Scan button.

    The Scan Templates page appears.

  4. Click Audit Cloud Infrastructure.

    The New Scan page appears.

  5. On the Settings tab, type a name for the scan.
  6. Click the Compliance tab.

    The Compliance options appear.

  7. Click AMAZON AWS.
  8. Select the appropriate audit files for the scan.

    When you select an audit file, Tenable.io adds the file to the list in the right pane.

  9. Click the Credentials tab.

    The Credentials options appear.

  10. In the ADD CREDENTIALS section, select Amazon AWS.
  11. In the AWS Access Key ID text box, type the key you copied in the Create a Scanning User in AWS section.
  12. In the AWS Secret Key text box, type the key you copied in the Create a Scanning User in AWS section.

  13. From the Regions to Access drop-down box, select the region to which you want to apply the scan.
  14. Do one of the following:
    • To save without launching the scan, click Save.
    • To save and launch the scan immediately, click the drop-down arrow next to Save and select Launch.

Note: For additional information on configuring Tenable.io scans, please refer to the Tenable.io User Guide.

View Audit Details in the Scan Results

After the scan completes, you can analyze the results in Tenable.io.

To view audit details in the scan results:

  1. Log in to Tenable.io.
  2. In the top navigation bar, click Scans.
  3. Click the AWS Cloud Infrastructure scan you previously created.
  4. Click the Audits tab.

  5. Click an audit in the table to view audit details, including the Description, Reference Information, and Solution.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.