For instructions on setting up for Configuration Audit in Threat Stack, see AWS Integrations Overview.
The Threat Stack Configuration Auditing (Config Audit) feature allows Amazon Web Services (AWS) users to check their infrastructure (AWS) configuration against industry best practices curated by Threat Stack security engineers.
Threat Stack comes pre-configured with a set of best practices for AWS Cloud Security. After you integrate Threat Stack with your AWS account, you can initiate an audit of the configurations in your account on demand and then schedule regular daily audits.
The following are the major functions of the feature:
- Configuration Auditing for users with multiple AWS Profiles
- Audit the AWS configuration for violations
- View summary of violations
- View details of each violation
- Suppress specific resources for further configuration checks
- Enable/disable/edit configuration audit rules
Access the Config Audit Page
- Log into Threat Stack.
- In the left navigation pane, click Config Audit. The Config Audit page opens.
View AWS Profiles on the Config Audit Page
If you have multiple AWS profiles, you can view your AWS integrations by number of violations.
- Hover your cursor over any segment under AWS Integrations by Number of Violations. The AWS Integration summary displays.
- Click the Show Results for Only This Profile button to filter results by profile. The relevant filter displays in the Filter menu.
Audit the AWS Configuration for Violations
- Click the Run button in the upper right corner to begin scanning for violations.
View Summary Results of Violations
- Click any listed AWS Service. A summary of the violation scan results displays.
View Violation Details
- Click the Information icon beside any Resource Type. A description of the violation displays.
- Click the violation you want to view details for. The details pane displays.
- Click the Go to Resource Details button. The Resource Details page displays. Here, you can view detailed information about resources and suppressions.
Suppress Violation Results on the Resource Details Details Page
- On the Resource Details page, click the fire extinguisher icon beside the violation you want to suppress. The Add New Configuration Auditing Policy Suppression menu displays.
- Select a reason for suppressing.
- Click the Add New Suppression button.
Configuration Audit Rules
You can view and edit Configuration Auditing Rules from the Rules page.
- In the left navigation pane, click Rules. The Rules page displays.
- To the right of the Configuration Auditing Rule you want to view or edit, click the Details button. The Rule Details pane displays.
- Click the Edit button in the upper right corner if you want to make changes to rule severity, enable or disable rules, or modify any rule details. For more information, see Edit Rule Drawer.