Trusting InsightCloudSec with AWS GuardDuty

Instructions for Configuring AWS GuardDuty to Trust InsightCloudSec IP Addresses

If you use AWS GuardDuty, you will need to add the IP address range associated with your InsightCloudSec instances to the trusted IP list in the AWS accounts you will be scanning. This action must be completed through the AWS console under the GuardDuty service.

Prerequisites

You must be a user of the master GuardDuty account to upload and manage trusted IP lists; users of member GuardDuty accounts do not have these privileges.

Required permissions to manage trusted lists:

  • "iam:PutRolePolicy"
  • "iam:DeleteRolePolicy"

Adding InsightCloudSec to the Trusted IP Address List

Identify the Trusted IP Address for Your InsightCloudSec Instance

1. Log in to the AWS console and navigate to the GuardDuty page. Select "Findings".

2. Select the Finding Type/Resource you wish to trust. Scroll down in the panel that opens on the right and identify the IP address for your resource.

3. Note the IP address.

4. Repeat #2 and #3 above for each Finding Type/Resource you wish to trust.

Figure: AWS Findings - IP Address

Create the List of Trusted IP Addresses

1. Create a text file in which to log the IP addresses you wish to trust, one IP address per line.

2. Move your list of trusted IP addresses to an S3 bucket. Note the S3 bucket’s name.

Add the Trusted IP Address List to GuardDuty

1. Navigate to the “Lists” section of the GuardDuty page.

2. Select “Add a trusted IP list”:

  • Give your list a name
  • Add the file containing your list (see the AWS GuardDuty documentation for details about creating and uploading lists.)

3. Select “Active” to make your list active.

Figure: Trust IP List

Note: At any given time, you can have only one uploaded trusted IP list per AWS account per region.
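The same procedure can be scripted with the AWS CLI. The script below is an added example, not part of the InsightCloudSec documentation; it assumes AWS CLI v2 is configured for the master GuardDuty account, uses placeholder values for the S3 bucket, list name and detector ID, and in its default dry-run mode only prints the aws commands it would run. It also checks the one-list-per-region limit from the note above before attempting to create a list.

```shell
#!/bin/sh
# Added example, not part of the InsightCloudSec documentation: the AWS CLI
# equivalent of the console steps above. Assumes AWS CLI v2 is configured for
# the GuardDuty master account. BUCKET and LIST_NAME are placeholders; with
# DRY_RUN=1 (the default) the aws commands are printed instead of executed.

DRY_RUN="${DRY_RUN:-1}"
BUCKET="${BUCKET:-EXAMPLE-trusted-ip-bucket}"          # placeholder bucket name
LIST_NAME="${LIST_NAME:-InsightCloudSec-Trusted-IPs}"   # placeholder list name

# GuardDuty TXT lists hold one IPv4 address or CIDR per line. Reject anything
# else up front (shape check only; octet ranges are not validated) so a typo
# does not turn into a rejected upload. Returns 0 when every line is acceptable.
validate_ip_list() {
  f="$1"; bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    [ -z "$line" ] && continue
    if ! printf '%s\n' "$line" |
         grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
      echo "invalid entry: $line" >&2; bad=1
    fi
  done < "$f"
  return "$bad"
}

aws_cmd() { if [ "$DRY_RUN" = 1 ]; then echo "aws $*"; else aws "$@"; fi; }

# Upload the validated file to S3 and register it as the active trusted IP list.
# Only one trusted IP list is allowed per account per region, so an existing
# list is reported instead of attempting a second create-ip-set call.
publish_trusted_list() {
  f="$1"; key="$(basename "$f")"
  validate_ip_list "$f" || return 1
  if [ "$DRY_RUN" = 1 ]; then
    detector="EXAMPLE-detector-id"; existing=""            # placeholders
  else
    detector="$(aws guardduty list-detectors --query 'DetectorIds[0]' --output text)"
    existing="$(aws guardduty list-ip-sets --detector-id "$detector" \
                  --query 'IpSetIds' --output text)"
  fi
  if [ -n "$existing" ] && [ "$existing" != "None" ]; then
    echo "a trusted IP list already exists in this region: $existing" >&2; return 2
  fi
  aws_cmd s3 cp "$f" "s3://$BUCKET/$key"
  aws_cmd guardduty create-ip-set --detector-id "$detector" --name "$LIST_NAME" \
    --format TXT --location "s3://$BUCKET/$key" --activate
}
```

Run with `DRY_RUN=0 publish_trusted_list trusted-ips.txt` once the placeholders are replaced with your real bucket and list name.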