Gain a More Dynamic View: How to Connect Cloud Configuration Assessment in InsightVM to CloudTrail in AWS

Cloud Configuration Assessment is an InsightVM feature that provides a security-focused view into your cloud environment. Its capabilities center on identifying and remediating cloud misconfigurations, an increasingly important concern. Since the policies and settings that affect the security of a resource in the cloud can change in an instant, it is valuable to maintain visibility into the current state of all your resources.


Here, we will delve into how to enable Cloud Configuration Assessment to maintain an even more dynamic view of an AWS account through integrating with—and responding to—events from CloudTrail.


What Cloud Configuration Assessment in InsightVM does today


By default, Cloud Configuration Assessment re-collects data on resources and re-assesses them at built-in intervals, so the state of their data is updated every couple of hours. This keeps the data fairly accurate for resources that do not change often (e.g., an IAM policy whose content is only updated every few months), but for resources that are created, deleted, and updated in the span of hours, the changes may not be reflected in Cloud Configuration Assessment until a few hours after the event in the account.


What is CloudTrail?


CloudTrail is a service to record and audit events that happen in an Amazon Web Services (AWS) account or organization. Actions taken, whether they be through using the Console, CLI, or other ways of interacting with resources, are all recorded as CloudTrail events, and a CloudTrail trail can be configured to deliver messages about those events to other serv ..
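As an added illustration (not code from the original post or from InsightVM), the sketch below takes constructed CloudTrail-format records and computes how long each changed resource would go unassessed under interval polling, which is the gap that responding to CloudTrail events closes. The two-hour interval, the `ID_KEYS` mapping and every sample value are assumptions made for the example.

```python
import json
from datetime import datetime, timedelta

# Constructed sample records using CloudTrail record field names (not real account data).
SAMPLE_RECORDS = json.loads("""[
 {"eventTime": "2024-05-01T09:00:00Z", "eventSource": "iam.amazonaws.com", "eventName": "PutRolePolicy",
  "readOnly": false, "requestParameters": {"roleName": "example-role"}},
 {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
  "readOnly": false, "requestParameters": {"groupId": "sg-0example1"}},
 {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeSecurityGroups",
  "readOnly": true, "requestParameters": null},
 {"eventTime": "2024-05-01T10:20:00Z", "eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
  "readOnly": false, "requestParameters": {"bucketName": "example-bucket"}},
 {"eventTime": "2024-05-01T10:30:00Z", "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucketPolicy",
  "readOnly": false, "errorCode": "AccessDenied", "requestParameters": {"bucketName": "example-bucket"}},
 {"eventTime": "2024-05-01T10:40:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "RevokeSecurityGroupIngress",
  "readOnly": false, "requestParameters": {"groupId": "sg-0example1"}}
]""")

ID_KEYS = ("groupId", "bucketName", "roleName")  # assumed, illustrative subset of identifiers
LAST_ASSESSED = datetime(2024, 5, 1, 10, 0, 0)   # assumed time of the last scheduled collection
INTERVAL = timedelta(hours=2)                    # assumed value for "every couple of hours"

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def changed_resource(record):
    """Return (eventSource, identifier) for a successful state-changing call, else None."""
    # A missing readOnly flag is treated as a change so that nothing is silently skipped.
    if record.get("readOnly", False) or "errorCode" in record:
        return None
    params = record.get("requestParameters") or {}
    for key in ID_KEYS:
        if key in params:
            return (record["eventSource"], params[key])
    return None

def stale_minutes(records, last_assessed, interval):
    """Map each changed resource to the minutes it stays unassessed until the next poll."""
    next_poll = last_assessed + interval
    stale = {}
    for record in sorted(records, key=lambda r: r["eventTime"]):
        when = parse_time(record["eventTime"])
        resource = changed_resource(record)
        if resource is None or not (last_assessed < when <= next_poll):
            continue  # read-only, failed, unmapped, or already covered by the last poll
        # Keep the earliest change per resource: that is when its assessed state went stale.
        stale.setdefault(resource, int((next_poll - when).total_seconds() // 60))
    return stale

if __name__ == "__main__":
    for resource, minutes in stale_minutes(SAMPLE_RECORDS, LAST_ASSESSED, INTERVAL).items():
        print(resource, "unassessed for", minutes, "minutes")
```

The security group that is opened at 10:05 and closed again at 10:40 is the case interval polling never sees at all; an event-driven trigger would re-assess it at both points.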
