One of the previous blogs on this topic provided an overview of vulnerability management for cloud environments using ThreatWatch. As that blog mentioned, there are two essential aspects to meeting that objective:
- Getting alerted when a cloud provider makes new patches available.
- Adopting a risk-based approach towards applying patches and tracking your inventory against the desired patch level across packages on a continuous basis.
In this blog we will look at the first of these and see how your operational, DevOps and compliance/technology risk teams can stay updated. We will use Amazon as the example here, but this applies to any cloud provider or operating system.
Two-click Alert Creation:
- Log in to ThreatWatch and visit the “Threats” tab. Pick “Amazon” from the dropdown, choose the severity level of interest from the filter, and click the save alert button. The time duration of the filter is not relevant in this scenario (since alerts are always in the future).
- The “Save Alert” popup lets you provide a name for the alert and the email recipients to which the alert should be sent. Click “Save” and you are done!
The recipients will start seeing alerts in their inbox as soon as Amazon patches vulnerabilities. These alerts will also point to the exact source RPMs that need to be applied to mitigate those vulnerabilities.
You can also manage your alerts using the ThreatWatch REST API: https://threatwatch.io/apidocs/