The first step in configuring Panther's compliance feature is enabling scans. The CloudFormation stack below creates an IAM role with the AWS managed policy called SecurityAudit. This policy is designed specifically for scanning AWS accounts for security vulnerabilities. Panther will assume this role to ensure your AWS account is compliant and secure.
Follow the steps below to onboard each AWS account.
Log in to your Panther Dashboard.
From Settings, click Sources, and then AWS Account Sources.
Enter your account details and then click the Launch Stack button, which will open CloudFormation in the AWS account you are currently logged into.
Select true under DeployCloudWatchEventSetup, which will create an additional IAM role needed to consume real-time events.
Enter the MasterAccountId, which is the 12-digit AWS Account ID where Panther is deployed.
Click the Create stack button. After about 30 seconds, the stack's Status should change to CREATE_COMPLETE. If there is an error creating the stack, then an IAM role with the same name may already exist in your account.
Click through to the last page, and select Add New Source.
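
As an added example (not Panther's own code), the check below audits the kind of role this stack creates: it confirms that SecurityAudit is attached and that only the account entered as MasterAccountId is trusted to assume the role. The role dictionary shape, the `AttachedPolicyArns` key, the function name and the sample account IDs are assumptions constructed for illustration.

```python
import re

# AWS managed policy named on the page.
SECURITY_AUDIT_ARN = "arn:aws:iam::aws:policy/SecurityAudit"
ASSUME_ACTIONS = {"sts:AssumeRole", "sts:*", "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_scan_role(role, master_account_id):
    """Return findings for a scan role; an empty list means it passed."""
    if not re.fullmatch(r"\d{12}", master_account_id):
        raise ValueError("MasterAccountId must be a 12-digit AWS account ID")
    findings = []
    prefix = f"arn:aws:iam::{master_account_id}:"
    if SECURITY_AUDIT_ARN not in role.get("AttachedPolicyArns", []):
        findings.append("SecurityAudit managed policy is not attached")
    trusted = False
    for stmt in _as_list(role["AssumeRolePolicyDocument"].get("Statement", [])):
        actions = set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not ASSUME_ACTIONS & actions:
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*" means anyone
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for p in _as_list(values):
                in_master = p == master_account_id or p.startswith(prefix)
                if kind == "AWS" and in_master:
                    trusted = True
                else:
                    findings.append(f"unexpected trusted principal: {kind}={p}")
    if not trusted:
        findings.append("Panther master account is not trusted to assume the role")
    return findings

# Constructed sample data (made-up account IDs); "AttachedPolicyArns" is a hypothetical key.
MASTER = "111122223333"
GOOD_ROLE = {
    "AttachedPolicyArns": [SECURITY_AUDIT_ARN],
    "AssumeRolePolicyDocument": {"Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": f"arn:aws:iam::{MASTER}:root"}}]},
}
BAD_ROLE = {
    "AttachedPolicyArns": ["arn:aws:iam::aws:policy/AdministratorAccess"],
    "AssumeRolePolicyDocument": {"Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]},
}
```

Calling `audit_scan_role(GOOD_ROLE, MASTER)` returns an empty list, while `BAD_ROLE` yields one finding per problem.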
The next section will detail how to monitor changes to AWS resources in real-time.