AWS Cloud Patrol

Purpose

  • Detect and identify potential security issues across your AWS Cloud environment
  • Gain visibility into your entire AWS infrastructure through centralized security scanning

Automated Remediation

  • Implement automated correction of security findings using predefined remediation actions
  • Reduce mean time to resolution (MTTR) through automated security workflows

Reporting and Analytics

  • Generate a detailed PDF report on security findings, remediation actions, and exemption status

How-to

Cloud Patrol scans and remediates based on defined checks. Each check uses resource collectors that exist in the Scan Environment command. Checks that can be auto-remediated have a remediation defined in the Fix Environment command.

Initial Setup

When Cloud Patrol is first installed, the first thing to do is run the Setup command. This will do the following:

  1. Create a SQLite database to store Cloud Patrol data (patrol.db)
  2. Create a spreadsheet that contains a list of all defined checks (check_definitions.csv)

Scan Environment for Findings

You can begin discovery in your environment against all defined checks by running the Scan Environment command.

Remediate Findings

Checks that are enabled for auto-remediation can be fixed via the Fix Environment command. Select resources via the dashboard, or auto-fix by creating a detector for the given finding.

Generate Report

You can generate a PDF report of findings and remediations with the Create Report command.

Enable/Disable Checks

  1. Download check_definitions.csv from Files
  2. Set the enabled column to the desired value: 0 is disabled, 1 is enabled.
  3. Run the Setup command and upload the modified check_definitions.csv into the Checks_Import input
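
One way to carry out step 2 with a reviewable record of which checks were switched off or on, as an added example that is not part of Cloud Patrol: the script below edits the enabled column and returns the list of checks whose state changed. Only the enabled column and its 0/1 values come from this page; the check_id and description columns and the sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample: only the "enabled" column and its 0/1 values come from
# the page; "check_id", "description" and the rows are assumptions.
SAMPLE_CSV = """check_id,description,enabled
s3-public-access,S3 bucket allows public access,1
iam-root-keys,Root account has access keys,1
sg-open-ssh,Security group allows SSH from anywhere,0
"""


def set_enabled(csv_text, changes, id_column="check_id"):
    """Apply {check id: 0 or 1} to the enabled column.

    Returns (new_csv_text, changed), where changed lists (id, old, new).
    Raises ValueError on a missing column, an unknown id, or a value
    other than 0/1, so a typo never silently leaves a check disabled.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    fields = reader.fieldnames or []
    for col in (id_column, "enabled"):
        if col not in fields:
            raise ValueError(f"missing column: {col}")
    rows = list(reader)

    unknown = sorted(set(changes) - {row[id_column] for row in rows})
    if unknown:
        raise ValueError(f"unknown check ids: {unknown}")

    changed = []
    for row in rows:
        old = (row["enabled"] or "").strip()
        if old not in ("0", "1"):
            raise ValueError(f"{row[id_column]}: enabled is {old!r}, expected 0 or 1")
        new = str(changes.get(row[id_column], old))
        if new not in ("0", "1"):
            raise ValueError(f"{row[id_column]}: requested {new!r}, expected 0 or 1")
        if new != old:
            changed.append((row[id_column], old, new))
        row["enabled"] = new

    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue(), changed
```

Keep the returned change list with the change record for the upload, so a disabled check can be traced to a deliberate decision.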