CVE Vulnerabilities


Today you can get complete vulnerability scanning of your cloud environments without implementing an agent.

With a few simple steps, you get a full report with a simple explanation of the CVE risks.

Enable AWS Scan:

For every AWS account:

  1. Make sure the Cloudwize IAM policy ‘cloudwize-policy’ includes the ‘ssm:SendCommand’ permission.
  2. Make sure the SSM Agent is enabled on your EC2 instances.
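One way to verify step 1 offline is shown below. It is an added example, not Cloudwize's own code. Because ‘ssm:SendCommand’ lets the holder run commands on instances, the check also reports which resources the grant covers. The sample policy is constructed, and check_action is a hypothetical helper name; feed it the policy document JSON returned by "aws iam get-policy-version".

```python
import json
import re

# Constructed sample policy document (an assumption; not Cloudwize's real policy).
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "ssm:Send*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ssm:ListCommandInvocations", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action patterns are case-insensitive; '*' and '?' are wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def check_action(policy, action="ssm:SendCommand"):
    """Report whether identity policy `policy` allows `action` and on which resources.

    Simplified: Condition blocks and resource-level Deny scoping are not evaluated;
    any matching Deny is treated as blocking.
    """
    resources, denied = [], False
    for stmt in _as_list(policy.get("Statement")):
        if "NotAction" in stmt:
            hit = not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
        else:
            hit = any(_matches(p, action) for p in _as_list(stmt.get("Action")))
        if not hit:
            continue
        if stmt.get("Effect") == "Deny":
            denied = True
        elif stmt.get("Effect") == "Allow":
            resources += _as_list(stmt.get("Resource"))
    return {
        "allowed": bool(resources) and not denied,
        "resources": resources,
        "unscoped": "*" in resources,  # SendCommand on every instance and document
    }
```

An "unscoped" result of True means the grant is not limited to specific instances or SSM documents.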

How to enable SSM:

  1. Log in to your AWS account.
  2. Go to Systems Manager Quick Setup: https://us-east-1.console.aws.amazon.com/systems-manager/quick-setup?region=us-east-1
  3. In the Host Management box, click Create.
  4. Under the configuration options section, make sure only the ‘Update Systems Manager (SSM) Agent every two weeks.’ checkbox is checked.
  5. Under the Targets section, select your desired regions, or a tag, to deploy the agent, and click Create.

Enable Azure Scan:

Paste the script below into your Azure Cloud Shell Bash console to add the runCommand permission.

*The script will also install the az cli ‘account’ extension. If you wish to remove it, simply run at the end: "az extension remove --name account"*

# Write the custom role definition; AssignableScopes is filled in further down.
echo '{
  "Name": "Cloudwize Vulnerabilities Assessment",
  "IsCustom": true,
  "Description": "Cloudwize Vulnerabilities Assessment",
  "Actions": [
    "Microsoft.Compute/virtualMachines/runCommand/action"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": []
}' > customrole.json

# The 'account' extension provides 'az account subscription list'.
az extension add -n account -y

# Full subscription scopes (/subscriptions/<id>) for AssignableScopes.
# Match the "id" key exactly so other fields containing "id" are not picked up.
subscriptionsforrolejson=$(az account subscription list | grep '"id"' | awk -F'"' '{print $4}')
echo "$subscriptionsforrolejson"

# Bare subscription IDs for the role assignments.
subscriptionsforroleassign=$(az account subscription list | grep '"id"' | awk -F'/' '{print $3}' | rev | cut -c3- | rev)
echo "$subscriptionsforroleassign"

# Object ID of the Cloudwize service principal.
cloudwizespnobjectid=$(az ad sp list --all --query "[].{displayName:displayName, objectId:id}" --output table | grep -wi cloudwize | awk -F' ' '{print $2}')

# Add every subscription scope to AssignableScopes.
jq --arg list "$subscriptionsforrolejson" '.AssignableScopes|=.+($list|split("\n"))' < customrole.json | tee customroleupdated.json

sleep 5
roleDefinitionRes=$(az role definition list --name "Cloudwize Vulnerabilities Assessment")

# Create the role if it does not exist yet, otherwise update it.
if [ "$roleDefinitionRes" == "[]" ]; then
  echo "Creating role definition"
  az role definition create --role-definition "./customroleupdated.json"
else
  echo "Updating role definition"
  az role definition update --role-definition "./customroleupdated.json"
fi

# Assign the role to the Cloudwize service principal in each subscription.
for subid in $subscriptionsforroleassign
do
  az role assignment create --assignee "$cloudwizespnobjectid" \
    --role "Cloudwize Vulnerabilities Assessment" \
    --subscription "$subid"
done
