General Guidelines on what should be scanned
Cloud Assets
Cloud assets refer to virtual resources and services provided by cloud platforms like Azure and AWS. These include infrastructure, platforms for application development, software applications, storage, databases, analytics, networking, security, and IoT solutions.
Businesses can utilize cloud assets like virtual machines, cloud storage, software applications, data backup, communication tools, CRM systems, analytics services, and security solutions to enhance operations and scalability.
Question: Which assets should I be scanning for Vulnerabilities?
Well, it depends on the type of scan you are performing, but the recommendation is to scan all assets that you know of and also run a Discovery Scan for assets that you do not know of.
Question: How can I determine which assets I have in my cloud subscriptions?
The difference between traditional networks and the cloud is that in the cloud it is harder to end up with assets you do not know of: with the right permissions you can enumerate every existing instance with ease.
Amazon Web Services - AWS
Scanning an entire subnet has the advantage that it would discover instances provisioned after the scan was configured. If you are scanning individual hosts then the Scan Surface needs to be updated each time a new host is provisioned.
How to discover AWS subnets in your subscriptions
Log in to your AWS Account
Browse to VPC > Subnets
Take note of all IPv4 CIDR blocks; these are the subnets that will need to be scanned.
Note: Each AWS Region may have different values. So please check all Regions where you have resources.
You can also do this from the AWS CloudShell
Start the AWS CloudShell
This can be found on the top ribbon:
Run the following script that is going to extract the information from all regions:
# Retrieve list of AWS regions
regions=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text)

# Iterate through each region
for region in $regions; do
  echo "Region: $region"
  # List subnets in the current region
  aws ec2 describe-subnets --region "$region" --query 'Subnets[*].[SubnetId, VpcId, CidrBlock, AvailabilityZone]' --output table
  echo ""
done
Example output:
Region: us-west-1
-----------------------------------------------------------------------
|                           DescribeSubnets                           |
+------------------+---------------+------------------+---------------+
|  subnet-72246d15 |  vpc-301c8151 |  172.33.16.0/22  |  us-west-1b   |
|  subnet-feaa2da6 |  vpc-301c8151 |  172.33.0.0/22   |  us-west-1a   |
+------------------+---------------+------------------+---------------+
After knowing all the AWS Subnet information you may add them to the scan surface:
Log in to the Coda Footprint platform and browse to Scan Surface > Agentless Scan Surface > Add elements to agentless scan surface
How to discover AWS instance IP addresses in your subscriptions
Scanning specific hosts is faster and causes less overhead, as no traffic is generated to scan IPs that do not have an existing host attached. However, this does not automatically detect newly provisioned hosts: each time you add new machines you also need to update the Scan Surface.
Log into your AWS account
Browse to EC2 > Instances
For each instance take note of its Public IP (this should be scanned with the Cloud Scanner)
For each instance take note of its Private IP by clicking on the instance and browsing to the Networking tab (this should be scanned with the Internal Scanner)
NOTE: There is also AWS IPAM, but this needs to be configured beforehand: https://console.aws.amazon.com/ipam/
You can also do this from the AWS CloudShell
Start the AWS CloudShell
This can be found on the top ribbon:
Run the following script that is going to extract the information from all regions:
# Iterate through each region and list the private IP of every VPC instance
# (the filter keeps only instances that have a VpcId set)
for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do
  echo "Region: $region"
  aws ec2 describe-instances --region "$region" --query "Reservations[].Instances[?VpcId].PrivateIpAddress" --output text
  echo
done
Example output:
Region: eu-north-1

Region: eu-west-3

Region: eu-west-2

Region: eu-west-1

Region: ap-northeast-3

Region: ap-northeast-2

Region: ap-northeast-1

Region: ca-central-1

Region: sa-east-1
192.168.77.1	192.168.77.3

Region: ap-southeast-1

Region: ap-southeast-2

Region: eu-central-1
10.58.55.109

Region: us-east-1

Region: us-east-2
10.22.22.10	10.22.22.11	10.22.22.13

Region: us-west-1

Region: us-west-2
After knowing all the hosts, you may add them to the Scan Surface:
Log in to the Coda Footprint platform and browse to Scan Surface > Agentless Scan Surface > Add elements to agentless scan surface
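The two CloudShell scripts above print private addresses only, and the Cloud Scanner versus Internal Scanner split is done by hand. The script below is an added example (it is not part of the Coda Footprint documentation or the AWS CLI): it walks every region, collects subnet CIDRs together with each instance's private and public address, and sorts them into an "internal" list and a "cloud" list ready for the scan surface. It assumes the AWS CLI is configured with credentials that may call ec2:DescribeRegions, ec2:DescribeSubnets and ec2:DescribeInstances; the environment variable RUN_AWS_DISCOVERY and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the Coda Footprint documentation.
# Collects EC2 addresses and subnet CIDRs from every region and sorts them
# into the two lists the article describes: public addresses for the
# Cloud Scanner, private addresses and subnets for the Internal Scanner.
# Assumes the AWS CLI is configured with credentials allowed to call
# ec2:DescribeRegions, ec2:DescribeSubnets and ec2:DescribeInstances.
set -eu

# RFC 1918 and link-local (169.254/16) addresses belong to the internal
# scan surface; anything else is reachable by the Cloud Scanner.
classify_ip() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|169.254.*) echo internal ;;
    *) echo cloud ;;
  esac
}

# Reads "instance-id private-ip public-ip" lines (the describe-instances
# query below produces exactly that; the CLI prints "None" when an instance
# has no public IP) and emits de-duplicated "<scanner> <ip>" pairs.
split_instance_lines() {
  while read -r _id private public; do
    for ip in "$private" "${public:-None}"; do
      if [ -n "$ip" ] && [ "$ip" != None ]; then
        echo "$(classify_ip "$ip") $ip"
      fi
    done
  done | sort -u
}

# Walks every region. Subnet CIDRs are tagged "internal" so they sort next
# to the private addresses when the list is pasted into the scan surface.
collect_aws_targets() {
  for region in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text); do
    aws ec2 describe-subnets --region "$region" \
      --query 'Subnets[].CidrBlock' --output text \
      | tr '\t' '\n' | awk 'NF { print "internal " $0 }'
    aws ec2 describe-instances --region "$region" \
      --query 'Reservations[].Instances[].[InstanceId,PrivateIpAddress,PublicIpAddress]' \
      --output text | split_instance_lines
  done | sort -u
}

# RUN_AWS_DISCOVERY=1 (an assumed switch for this example) queries the
# account; it is off by default so the helpers can be tested without
# credentials, e.g. with a constructed describe-instances line:
#   printf 'i-0aaa\t10.22.22.10\t54.12.0.9\n' | split_instance_lines
if [ "${RUN_AWS_DISCOVERY:-0}" = 1 ]; then
  collect_aws_targets
fi
```

Run it with RUN_AWS_DISCOVERY=1 and copy the "cloud" lines into the Cloud Scanner surface and the "internal" lines into the Internal Scanner surface. Because subnets and single hosts end up in the same list, you can see at a glance which hosts are already covered by a subnet entry.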
Microsoft Azure
Scanning an entire subnet has the advantage that it would discover instances provisioned after the scan was configured. If you are scanning individual hosts then the Scan Surface needs to be updated each time a new host is provisioned.
How to discover Azure subnets in your subscriptions
Log in to the Microsoft Azure Portal
Search for Virtual networks
Edit the Manage View > Edit Columns View to show Address Space
Take note of the Address space entries. Those are the subnets you are looking for
You can also perform this same task using Azure Cloud Shell
You need to select “bash” and paste the following script:
#!/bin/bash
# For every resource group, list the address prefix of each subnet in each virtual network
for resourceGroup in $(az group list --query "[].name" --output tsv); do
  echo "Resource Group: $resourceGroup"
  for vnetName in $(az network vnet list --resource-group "$resourceGroup" --query "[].name" --output tsv); do
    echo "Virtual Network: $vnetName"
    az network vnet subnet list --resource-group "$resourceGroup" --vnet-name "$vnetName" --query "[].addressPrefix" --output tsv
    echo
  done
done
How to discover Azure instance IP addresses in your subscriptions
Scanning specific hosts is faster and causes less overhead, as no traffic is generated to scan IPs that do not have an existing host attached. However, this does not automatically detect newly provisioned hosts: each time you add new machines you also need to update the Scan Surface.
Log in to the Microsoft Azure Portal
Search for Virtual Machines
Edit the Manage View > Edit Columns View to show Public IP Address and Private IP Address
You can perform the same task from the Cloud Shell. Make sure to select Bash.
Paste the following command:
az vm list-ip-addresses --query "[].virtualMachine.network.privateIpAddresses" --output table
Example output:
Column1
-----------
10.1.0.4
10.2.10.40
10.3.0.4
172.16.68.9
172.16.68.4
172.16.68.5
172.16.68.8
172.16.68.7
Add the entries to scan surface:
Log in to the Coda Footprint platform and browse to Scan Surface > Agentless Scan Surface > Add elements to agentless scan surface
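The Azure section gives you two lists, the subnet address prefixes and the VM private addresses, and the article's advice is that a subnet entry on the scan surface keeps covering hosts provisioned later. That only holds if every VM actually sits inside one of the subnets you listed (a VM in a peered VNet or another subscription would not). The script below is an added example, not part of the Coda Footprint documentation or the Azure CLI: it fetches both lists with the same az commands used above and prints every VM address that no listed prefix covers. It assumes the Azure CLI is logged in to the subscription under review and that subnets expose a single addressPrefix; the RUN_AZURE_CHECK switch and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the Coda Footprint documentation. Checks that
# the subnet prefixes placed on the scan surface cover every VM private
# address, so a subnet scan does not silently miss a host.
# Assumes the Azure CLI is logged in to the subscription being reviewed.
set -eu

# Dotted-quad address to a 32-bit integer, using POSIX sh arithmetic only.
ip_to_int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_cidr ADDRESS PREFIX -> exit 0 when ADDRESS lies inside PREFIX
# (PREFIX in the form printed by az, e.g. 10.1.0.0/24).
in_cidr() {
  cidr_net=${2%/*}
  cidr_bits=${2#*/}
  cidr_mask=$(( (0xFFFFFFFF << (32 - cidr_bits)) & 0xFFFFFFFF ))
  if [ $(( $(ip_to_int "$1") & cidr_mask )) -eq $(( $(ip_to_int "$cidr_net") & cidr_mask )) ]; then
    return 0
  else
    return 1
  fi
}

# find_uncovered "PREFIXES" "ADDRESSES": prints each address that is inside
# none of the prefixes. Both arguments are newline-separated lists.
find_uncovered() {
  for ip in $2; do
    covered=0
    for net in $1; do
      if in_cidr "$ip" "$net"; then
        covered=1
        break
      fi
    done
    [ "$covered" -eq 1 ] || echo "$ip"
  done
}

# Pulls the same data the portal steps and az commands above show: every
# subnet prefix in every VNet, and every VM private IP address.
azure_coverage_report() {
  prefixes=$(az network vnet list --query '[].subnets[].addressPrefix' --output tsv)
  addresses=$(az vm list-ip-addresses --query '[].virtualMachine.network.privateIpAddresses[]' --output tsv)
  find_uncovered "$prefixes" "$addresses"
}

# RUN_AZURE_CHECK=1 (an assumed switch for this example) queries the
# subscription; off by default so the helpers can be run on constructed
# input without a login, e.g.:
#   find_uncovered "$(printf '10.1.0.0/24\n172.16.68.0/24')" "$(printf '10.1.0.4\n10.2.10.40')"
if [ "${RUN_AZURE_CHECK:-0}" = 1 ]; then
  azure_coverage_report
fi
```

An empty report means the subnet list alone is a complete scan surface for the current VMs; any address it prints is a host you either need to add individually or whose VNet is missing from the subnet list.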
Reference: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/private-ip-addresses