To detect misconfigured cloud resources, Panther scans AWS accounts, models what it finds as Resources, and evaluates each Resource against its desired state using Policies.
Below is an example Policy to check if AWS ACM Certificate renewal has failed:
A Policy includes:

- Metadata that gives the analyst context
- An association with a specific Resource Type
- A `policy` function that takes a `resource` argument, analyzes the resource's attributes, and returns:
  - `True` if the resource is compliant, or
  - `False` if it is non-compliant
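The following is an added, self-contained example of a Policy with this shape; it is illustrative and is not the listing from the original page. It assumes that Panther hands `policy()` a dict shaped like the `AWS.ACM.Certificate` Resource, mirroring ACM's `DescribeCertificate` output (field names `RenewalSummary`, `RenewalStatus`, `RenewalStatusReason`, `CertificateArn`, `Type`), that the metadata lives in a companion YAML file with the keys shown in the comment, and that an optional `title()` helper is available for alert titles. The sample resources are constructed, not real scan data.

```python
# Added example, not the page's own listing: a Panther-style Policy that flags
# ACM certificates whose managed renewal has failed, plus a small offline harness
# so it can be exercised without a Panther deployment.
#
# Assumptions, labelled: Panther passes policy() a dict shaped like the
# AWS.ACM.Certificate Resource, which mirrors ACM's DescribeCertificate output.
# The field names used below follow that output, and the companion metadata
# keys follow Panther's YAML spec as assumed here:
#
#   aws_acm_certificate_renewal_failed.yml
#   AnalysisType: policy
#   Filename: aws_acm_certificate_renewal_failed.py
#   PolicyID: AWS.ACM.Certificate.RenewalFailed
#   DisplayName: ACM Certificate Renewal Failed
#   Enabled: true
#   ResourceTypes:
#     - AWS.ACM.Certificate
#   Severity: Medium
#   Description: Managed renewal failed; the certificate will expire unless fixed.

from typing import Dict, List, Optional

# ACM only attempts managed renewal for certificates it issued itself.
MANAGED_TYPE = "AMAZON_ISSUED"
FAILED = "FAILED"


def policy(resource: Dict) -> bool:
    """Return True if the certificate is compliant, False if its renewal failed.

    Imported certificates are never auto-renewed, so they carry no
    RenewalSummary and are treated as compliant here (their expiry belongs in
    a separate policy). A managed certificate with no RenewalSummary yet has
    simply not entered the renewal window, which is also compliant.
    """
    summary: Optional[Dict] = resource.get("RenewalSummary")
    if not summary:
        return True
    return summary.get("RenewalStatus") != FAILED


def title(resource: Dict) -> str:
    """Alert title for a failing resource (assumed optional helper)."""
    summary = resource.get("RenewalSummary") or {}
    reason = summary.get("RenewalStatusReason", "unknown reason")
    arn = resource.get("CertificateArn", "<unknown>")
    return f"ACM renewal failed for {arn}: {reason}"


def evaluate(resources: List[Dict]) -> List[str]:
    """Run the policy over a batch and return the non-compliant ARNs."""
    return [r["CertificateArn"] for r in resources if not policy(r)]


# Constructed sample resources (not real data) covering each policy branch.
SAMPLE_RESOURCES = [
    {   # healthy managed certificate, last renewal succeeded
        "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/aaaa",
        "Type": MANAGED_TYPE,
        "RenewalSummary": {"RenewalStatus": "SUCCESS"},
    },
    {   # managed certificate whose renewal failed validation
        "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/bbbb",
        "Type": MANAGED_TYPE,
        "RenewalSummary": {"RenewalStatus": FAILED,
                           "RenewalStatusReason": "DOMAIN_NOT_ALLOWED"},
    },
    {   # imported certificate: no managed renewal, so no RenewalSummary
        "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/cccc",
        "Type": "IMPORTED",
    },
    {   # managed certificate outside its renewal window, summary absent
        "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/dddd",
        "Type": MANAGED_TYPE,
        "RenewalSummary": None,
    },
]

if __name__ == "__main__":
    for arn in evaluate(SAMPLE_RESOURCES):
        print("NON-COMPLIANT:", arn)
```

Running the file directly reports only the second sample as non-compliant. The two "no summary" branches are the edge cases worth deciding deliberately: treating a missing `RenewalSummary` as a failure would page on every imported certificate, so that condition is left to a separate expiry policy.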
Python gives you a great deal of flexibility in defining Policy logic, and the following libraries are supported:

- `boto3`: AWS SDK for Python
- `policyuniverse`: parse AWS ARNs and IAM policies
- `requests`: simple HTTP requests
By default, Policies are loaded from Panther's open-source packs, which cover the CIS Benchmark. You can also write your own Policies for your organization's specific internal use cases.