How to choose a specific CIS ruleset with AWS Inspector

In AWS Inspector Classic I want to scan an Amazon Linux 2 based EC2 image against the ruleset for CIS Benchmarks Amazon Linux 2.

The AMI has been hardened to the standards set out in the 2.0.0 version of the framework.

When I create a template in AWS Inspector, I only have the option of selecting the following:

CIS Operating System Security Configuration Benchmarks-1.0

What is not clear is which version of the framework this is actually for. When I use this ruleset to scan my EC2 instance, it's clear it's not up to date, as many of the findings are now out of scope or are returned with the wrong reference number (when compared to the v2.0.0 framework).

I have tried to go through the docs, but to say they're thin on the ground and ambiguous is an understatement.

What I can see is this doc, which suggests specific versions of the framework are available in different rule sets, but there is no information on how to access these or differentiate between them in Inspector.



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow