Cloud Inventory & Risk

Security Group Risk - Security Group Risk is the number of policy violations associated with an AWS instance.

Lumeta considers the following factors when calculating Security Group violations:

  1. Instances that have been deployed from images that are in either a white list or a black list.
    • You have an image that was not in the white list.
    • You have an image that was in the black list.
  2. Ports and protocols that are in either a white list or a black list.
    • You have a port / protocol that was not in the white list.
    • You have a port / protocol that was in the black list.
  3. IPv4 / IPv6 addresses that are in either a white list or a black list. Bear in mind that IP address blocks are not sliced: if a /8 is specified in the black list and a /24 within that /8 is in the white list, an IP address in that /24 will still appear as a black list risk.
    • You have an IPv4 / IPv6 address that was not in the white list.
    • You have an IPv4 / IPv6 address that was in the black list.
  4. Wildcard in a Security Group.
  5. IPv4 mask is too large for a Security Group.
  6. Src/Dest checks disabled on an instance.
  7. Inbound/outbound path to the public internet (direct and indirect).
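The following is an added illustration of how factors 1 through 6 above combine into a violation count, including the "blocks are not sliced" behaviour of factor 3. It is example code written for this page, not Lumeta's implementation; the policy structure, the instance fields, the `max_hosts` threshold for "mask too large", and the overlap/subnet semantics are assumptions.

```python
import ipaddress

# Constructed policy (hypothetical data model, not Lumeta's).
POLICY = {
    "image_whitelist": {"ami-approved"},
    "image_blacklist": {"ami-banned"},
    "port_whitelist": {("tcp", 443)},
    "port_blacklist": {("tcp", 23)},
    "ip_blacklist": [ipaddress.ip_network("10.0.0.0/8")],
    "ip_whitelist": [ipaddress.ip_network("10.1.2.0/24")],
    "max_hosts": 256,  # assumed: IPv4 masks admitting more addresses count as too large
}


def cidr_violations(cidr, policy):
    """Violations for one rule's source/destination CIDR (factors 3, 4 and 5).
    Blocks are not sliced: overlap with a black-listed block is reported even
    when the CIDR also lies entirely inside a white-listed block."""
    net = ipaddress.ip_network(cidr, strict=False)

    def same_family(blocks):  # ipaddress refuses to compare IPv4 with IPv6
        return [b for b in blocks if b.version == net.version]

    if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 is a wildcard
        return ["wildcard"]
    found = []
    if any(net.overlaps(b) for b in same_family(policy["ip_blacklist"])):
        found.append("ip_blacklisted")
    if not any(net.subnet_of(w) for w in same_family(policy["ip_whitelist"])):
        found.append("ip_not_whitelisted")
    if net.version == 4 and net.num_addresses > policy["max_hosts"]:
        found.append("mask_too_large")
    return found


def security_group_risk(instance, policy):
    """Return (violation count, violation names) for one instance."""
    found = []
    image = instance["image"]
    if image not in policy["image_whitelist"]:
        found.append("image_not_whitelisted")
    if image in policy["image_blacklist"]:
        found.append("image_blacklisted")
    for rule in instance["rules"]:
        port_proto = (rule["protocol"], rule["port"])
        if port_proto not in policy["port_whitelist"]:
            found.append("port_not_whitelisted")
        if port_proto in policy["port_blacklist"]:
            found.append("port_blacklisted")
        found += cidr_violations(rule["cidr"], policy)
    if not instance["src_dest_check"]:
        found.append("src_dest_check_disabled")
    return len(found), found
```

With this policy, a rule for 10.1.2.5/32 is still reported as a black list risk even though it sits inside the white-listed 10.1.2.0/24, which is the non-slicing behaviour described in factor 3.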

Inbound & Outbound Path Summary

Lists instances having ingress and egress to the internet.

Inspector Alerts

Accrues and centralizes alerts from all Cloud Scouts.
