To detect misconfigured cloud resources, Panther scans AWS accounts, models the Resources within them, and then uses Policies to evaluate whether each Resource is in its desired secure state.
For example, Panther can be used to detect the following common security issues:
S3 Buckets do not have encryption enabled
VPCs allow inbound SSH traffic from
Access Keys are older than 90 days
IAM policies are too permissive
The screenshot below shows an example Policy that checks whether renewal of an AWS ACM Certificate has failed:
A Policy contains:
Metadata to provide the analyst with context
An association with a specific Resource Type
A policy function that takes a resource argument, analyzes the resource's attributes, and returns True if the resource is compliant or False if it is non-compliant
Python provides high flexibility in defining your Policy logic, and the following libraries are supported:
boto3: AWS SDK for Python
policyuniverse: Parse AWS ARNs and Policies
requests: Easy HTTP Requests
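As an added example (not code from this page or from Panther's open-source packs), here is a Policy in the shape described above that implements the "Access Keys are older than 90 days" check. It uses only the Python standard library, so none of the supported libraries are needed. The resource layout it reads (a CredentialReport map with AccessKey1Active, AccessKey1LastRotated and the same pair for key 2, plus a ResourceId) is assumed for the illustration; confirm the field names against the actual Resource Type schema before using it. The now argument exists only so the example can be run deterministically; Panther itself calls policy(resource).

```python
from datetime import datetime, timedelta, timezone

# Threshold from the page: an active key rotated more than 90 days ago is non-compliant.
MAX_KEY_AGE = timedelta(days=90)


def _parse_timestamp(value):
    """Parse an ISO-8601 timestamp such as '2024-01-31T12:00:00Z' into an aware datetime."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def policy(resource, now=None):
    """Policy entry point in the style the page describes.

    Returns True when the resource is compliant (no active access key older than
    MAX_KEY_AGE) and False when it is non-compliant. The resource field names below
    are assumptions made for this example, not a documented schema.
    """
    now = now or datetime.now(timezone.utc)
    report = resource.get("CredentialReport") or {}
    for slot in ("1", "2"):
        if not report.get(f"AccessKey{slot}Active"):
            continue  # inactive or absent key: nothing to rotate
        rotated = report.get(f"AccessKey{slot}LastRotated")
        if not rotated:
            return False  # active key with unknown rotation date: fail closed
        if now - _parse_timestamp(rotated) > MAX_KEY_AGE:
            return False
    return True


def non_compliant(resources, now=None):
    """Evaluate the policy over a list of resources and return the IDs that fail."""
    return [r["ResourceId"] for r in resources if not policy(r, now)]


# Constructed sample resources (not real scan data) in the assumed layout.
_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _days_ago(days):
    return (_NOW - timedelta(days=days)).strftime("%Y-%m-%dT%H:%M:%SZ")


SAMPLE_USERS = [
    {"ResourceId": "arn:aws:iam::123456789012:user/fresh",
     "CredentialReport": {"AccessKey1Active": True, "AccessKey1LastRotated": _days_ago(10),
                          "AccessKey2Active": False, "AccessKey2LastRotated": None}},
    {"ResourceId": "arn:aws:iam::123456789012:user/stale",
     "CredentialReport": {"AccessKey1Active": True, "AccessKey1LastRotated": _days_ago(120),
                          "AccessKey2Active": False, "AccessKey2LastRotated": None}},
    {"ResourceId": "arn:aws:iam::123456789012:user/retired-key",
     "CredentialReport": {"AccessKey1Active": False, "AccessKey1LastRotated": _days_ago(400),
                          "AccessKey2Active": True, "AccessKey2LastRotated": _days_ago(30)}},
    {"ResourceId": "arn:aws:iam::123456789012:user/no-keys",
     "CredentialReport": None},
]

if __name__ == "__main__":
    # Only the user whose active key was rotated 120 days ago should be reported.
    print(non_compliant(SAMPLE_USERS, _NOW))
```

Note that an active key with no recorded rotation date is treated as non-compliant rather than skipped; a Policy that silently passes on missing data will hide exactly the resources an analyst most needs to look at.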
By default, Policies are loaded from Panther's open-source packs, which cover the AWS CIS Benchmark. You can also write your own Policies for your specific internal use cases.
On the next page, we'll show how to set up scanning and perform periodic scans of your AWS accounts.