1 Answer
- Newest
- Most votes
- Most comments
1
Hello.
As you know, you can use AWS Config rules to notify you when unauthorized software is installed.
However, I think this rule would be difficult to handle if you want to be notified when new software is installed.
https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-applications-required.html
If you use Amazon Inspector, it may be possible to notify you when software is installed.
https://docs.aws.amazon.com/inspector/latest/user/scanning-ec2.html
- When you launch a new EC2 instance.
- When you install new software on an existing EC2 instance (Linux and Mac).
- When Amazon Inspector adds a new common vulnerabilities and exposures (CVE) item to its database, and that CVE is relevant to your EC2 instance (Linux and Mac).
Relevant content
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 4 months ago
I tried to create an event bridge rule:
{ "source": ["aws.inspector"], "detail-type": ["Inspector Assessment Run State Change"], "detail": { "state": ["COMPLETED"] } }
Downloaded/installed docker on my linux 2 instance, but didn't seem to trigger the rule. Any ideas?