Configuration Auditing Feature Overview

[For instructions on setting up for Configuration Audit in Threat Stack, use this document]

Feature Summary

Threat Stack Configuration Auditing feature allows AWS users to check their infrastructure (AWS) configuration against industry best practices curated by Threat Stack security engineers. 

How does it Work ?

Threat Stack comes with a set of best practices for AWS Cloud Security pre-configured. After you integrate Threat Stack with your AWS account (instructions here), you can initiate an audit of the configurations in your account on demand and then schedule regular daily audits.

The following are the major functions of the feature:

  1. Configuration Auditing for users with multiple AWS Profiles
  2. Audit the AWS configuration for violations
  3. View summary of violations
  4. View details of each violation
  5. Suppress specific resources for further configuration checks
  6. Enable/disable/edit configuration audit rules

Multiple AWS Profiles from the Dashboard page

You can now see the rules evaluated for all profiles on the Dashboard page in the Configuration Auditing section of the Overview area.

Ex: Shows evaluation for 2 AWS profiles.

1_Dashboard_multiple_aws.png

AWS Profiles on the CONFIG AUDIT page

On the CONFIG AUDIT page, if you have multiple AWS profiles you see a graphic at the top of the page that displays your top 5 AWS Profiles by number of violations. Hovering over a segment displays a short summary of results for that profile. Click the Show Results for Only This Profile button to filter all results by the specific profile.

3_AWS_profile_hover.png

The below example highlights the page filters and the circled Filter (expand/collapse) button. You can click the Filter button to open or close all filters.

2_AWS_profile_flyin.png

Audit the AWS Configuration for Violations

 

 

View Summary Results of Violations

 

View Details of Violations

Step 1.  Click on Information icon to view the description of the violation.

 

Step 2: Click on a violation to display a preview of that violation.

 

 

Step 3: Click on Resource details to view detailed views of resources and suppressions.

 

Suppress Results of Violations on Details screen

 

Step 1: Click on Fire Extinguisher icon to display the suppression modal.

 

 

 

Step 2: Click the Fire Extinguisher icon to display the suppression modal. Now you can add a reason and a suppression. 

 

 

Configuration Audit Rules

You can find the Configuration Auditing Rules, and any other rules, on the RULESETS page. You can also access them from the left-side Rule Details fly-in. You can can change the rule severity, enable & disable rules, and edit rules - similar to how you can modify the host rules.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.