Fetching scan files from AWS Inspector workflow

The Fetch_Scan_files_from_AWS_Inspector workflow allows you to generate AWS Inspector scan reports for EC2 instances and ingest them into IBM Concert as vulnerability scan reports.

Prerequisites

  • Your Concert instance must have the Workflow installed.
  • Before running the workflow, ensure you have:
    • An IAM account access key and secret with sufficient privileges, as described in the AWS Inspector v2 documentation.
    • The Sync AWS Linux Bulletin workflow set up and run. Refer to the Setting up the Sync AWS Linux Bulletin workflow topic for details.
    • Support for the Amazon Linux operating system: Concert facilitates remediation for Amazon Linux operating systems whose SBOMs contain runtime metadata identifying the OS as Amazon Linux.

Instructions

To use the Fetch_Scan_files_from_AWS_Inspector workflow:
  1. Go to Workflows > Manage and create a new folder.
  2. Download the Fetch_Scan_files_from_AWS_Inspector workflow from the Automation library.
  3. Import the Fetch_Scan_files_from_AWS_Inspector workflow to the newly added folder.
  4. Create an authentication for Amazon Web Services using the IAM user's access key and secret.
    1. Navigate to Workflow > Authentications > Create Authentication.
    2. Select Amazon Web Services as the service and set the required properties:
      • Access Key Id: Access Key ID of your IAM account
      • Secret Access Key: Secret Access Key of your IAM account
      • Session Token: You can keep it blank
  5. Click on the three dots on the right side of the Fetch_Scan_files_from_AWS_Inspector workflow to access the options.
  6. Choose the Run option to execute the workflow.
  7. Configure the workflow by setting the input parameters as follows:
    • REPORT_FORMAT: Choose the format in which AWS needs to generate the report (JSON or CSV). The recommended format is JSON.
    • BUCKET_NAME: Enter the KMS-encrypted S3 bucket in which Inspector will store the report file.
    • BUCKET_ARN: Enter the AWS ARN of the KMS key.
    • awsAuth: Enter the newly created authKey.
    • ibm_concert_api_key: Your default Concert API key.
    Figure 1. Input to the Fetching Scan Files from AWS Inspector Workflow (screenshot of the workflow input form).
  8. Update the region in the following blocks by clicking on the block and updating the value in the OBJECT EDITOR on the right panel:
    • TriggerFindingReportScan
    • Get_Finding_Report_status
    • GetReportFromS3
  9. Run the workflow.
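As an added example (not the workflow's own code, nor IBM's), the three API calls behind the TriggerFindingReportScan, Get_Finding_Report_status and GetReportFromS3 blocks, written against the method and parameter names of boto3's inspector2 and s3 clients, with the workflow's REPORT_FORMAT, bucket and KMS key inputs as arguments. FakeInspector, fake_s3, the "concert/" key prefix, the <prefix><reportId>.json object naming, the bucket and KMS ARN values and the SAMPLE finding are constructed assumptions so it runs offline.

```python
import io, json, types

def trigger_report(inspector, bucket, kms_key_arn, fmt="JSON", prefix="concert/"):
    # TriggerFindingReportScan: keyword names are boto3 inspector2's; fmt/bucket/kms map to the inputs.
    if fmt not in ("JSON", "CSV"):
        raise ValueError("REPORT_FORMAT must be JSON or CSV")
    return inspector.create_findings_report(
        reportFormat=fmt,
        s3Destination={"bucketName": bucket, "kmsKeyArn": kms_key_arn, "keyPrefix": prefix},
        filterCriteria={"resourceType": [{"comparison": "EQUALS", "value": "AWS_EC2_INSTANCE"}]},
    )["reportId"]

def wait_for_report(inspector, report_id, max_polls=60):
    # Get_Finding_Report_status: FAILED/CANCELLED raise so a failed export is never read as "no findings".
    for _ in range(max_polls):
        status = inspector.get_findings_report_status(reportId=report_id)["status"]
        if status == "SUCCEEDED":
            return status
        if status in ("FAILED", "CANCELLED"):
            raise RuntimeError(f"report {report_id} ended with status {status}")
    raise TimeoutError(f"report {report_id} still in progress after {max_polls} polls")

def fetch_findings(s3, bucket, key):
    # GetReportFromS3: read the JSON export (assumed to be a list or an object with a
    # "findings" array) and keep (instance id, vulnerability id, severity) per EC2 resource.
    doc = json.loads(s3.get_object(Bucket=bucket, Key=key)["Body"].read())
    return [(r["id"], f["packageVulnerabilityDetails"]["vulnerabilityId"], f["severity"])
            for f in (doc["findings"] if isinstance(doc, dict) else doc)
            for r in f.get("resources", []) if r.get("type") == "AWS_EC2_INSTANCE"]

# Constructed stand-ins for the two boto3 clients so the flow runs offline.
class FakeInspector:
    def __init__(self, outcome="SUCCEEDED"):
        self.polls, self.outcome = 0, outcome
    def create_findings_report(self, **kw):
        return {"reportId": "rpt-0001"}
    def get_findings_report_status(self, reportId):
        self.polls += 1  # IN_PROGRESS twice, then the configured outcome
        return {"reportId": reportId, "status": "IN_PROGRESS" if self.polls < 3 else self.outcome}

SAMPLE = json.dumps({"findings": [{  # constructed sample finding, not real data
    "severity": "HIGH", "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-0000-00000"},
    "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0123456789abcdef0"}]}]})
fake_s3 = types.SimpleNamespace(get_object=lambda Bucket, Key: {"Body": io.BytesIO(SAMPLE.encode())})

def run(outcome="SUCCEEDED", bucket="example-bucket", kms="arn:aws:kms:us-east-1:123456789012:key/EXAMPLE"):
    inspector = FakeInspector(outcome)
    rid = trigger_report(inspector, bucket, kms)
    wait_for_report(inspector, rid)  # assumption: the export lands at <prefix><reportId>.json
    return fetch_findings(fake_s3, bucket, f"concert/{rid}.json")
```

Against real AWS, replace FakeInspector and fake_s3 with boto3 clients created for the same region you set in the three blocks.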