Trusting InsightCloudSec with AWS GuardDuty

This page has moved

For up-to-date information about AWS Configuration options, go to AWS Additional Configuration.

If you use AWS GuardDuty, you will need to add the IP address range associated with your InsightCloudSec instances to the trusted IP list in the AWS accounts you will be scanning. This action must be completed through the AWS console under the GuardDuty service.

Prerequisites

You must be a master user of a GuardDuty account to upload and manage trusted IP addresses. Users who are members of GuardDuty accounts do not have these privileges.

Required Permissions to Manage Trusted Lists

The following permissions are required to manage Trusted Lists:

  • iam:PutRolePolicy
  • iam:DeleteRolePolicy

Adding InsightCloudSec to the Trusted IP Address List

Identify the Trusted IP Address for Your InsightCloudSec Instance

  1. Log in to the AWS console and navigate to the GuardDuty page.
  2. Select Findings.
  3. Select the Finding Type/Resource you wish to trust.
  4. Scroll down in the panel that opens on the right and note the IP address for your resource.
  5. Repeat the preceding steps for each Finding Type/Resource you wish to trust.

Create the List of Trusted IP Addresses

  1. Create a text file in which to log the IP addresses you wish to trust, one IP address per line.
  2. Move your list of trusted IP addresses to an S3 bucket. Note the S3 bucket’s name.

Add the Trusted IP Address List to GuardDuty

  1. Go to the Lists section of the GuardDuty page.
  2. Click Add a trusted IP list and do the following:
    1. Give your list a name.
    2. Add the file containing your list (see the AWS GuardDuty documentation for details about creating and uploading lists).
  3. Select Active to make your list active.

At any given time, you can have only one uploaded trusted IP list per AWS account per region.
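The console steps above have an AWS CLI equivalent. The script below is an added example, not code from the InsightCloudSec documentation or from Rapid7: it validates the list file (one IPv4 address, or an IPv4 CIDR block, per line), copies it to S3, and creates the trusted IP set as active. The bucket, region, list name and detector ID are placeholders, and the AWS CLI is assumed to be configured for the GuardDuty administrator account. `DRY_RUN` defaults to 1, so by default it only prints the commands it would run; set `DRY_RUN=0` to execute them, in which case it also refuses to create a second list in a region that already has one.

```shell
#!/bin/sh
# Added example, not part of the InsightCloudSec documentation: validate a
# trusted IP list file, stage it in S3, and register it with GuardDuty through
# the AWS CLI (the CLI equivalent of the console steps). Bucket, region, list
# name and detector ID below are placeholders for your own values.
set -eu

TRUSTED_BUCKET="${TRUSTED_BUCKET:-example-trusted-ip-bucket}"  # placeholder
AWS_REGION="${AWS_REGION:-us-east-1}"                          # placeholder
LIST_NAME="${LIST_NAME:-insightcloudsec-trusted}"              # placeholder
DETECTOR_ID="${DETECTOR_ID:-}"      # looked up at run time if left empty
DRY_RUN="${DRY_RUN:-1}"             # 1 = print the aws commands, 0 = run them

# Check that every non-blank, non-comment line is an IPv4 address or IPv4 CIDR
# block. Returns 0 when the whole file is valid, 1 otherwise (bad lines to stderr).
validate_ip_list() {
    file="$1"
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        if ! printf '%s\n' "$line" |
             grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
            echo "invalid entry: $line" >&2
            rc=1
            continue
        fi
        # The regex only bounds digit counts; reject octets above 255 here.
        for o in $(printf '%s' "${line%%/*}" | tr '.' ' '); do
            if [ "$o" -gt 255 ]; then
                echo "invalid octet in: $line" >&2
                rc=1
                break
            fi
        done
    done < "$file"
    return $rc
}

# Print the command in dry-run mode, otherwise execute it.
run_or_echo() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Upload the validated list to S3 and create an active trusted IP set for it.
register_trusted_list() {
    file="$1"
    validate_ip_list "$file" || return 1
    key="guardduty/$(basename "$file")"

    if [ "$DRY_RUN" != "1" ]; then
        if [ -z "$DETECTOR_ID" ]; then
            DETECTOR_ID=$(aws guardduty list-detectors --region "$AWS_REGION" \
                --query 'DetectorIds[0]' --output text)
        fi
        # GuardDuty permits one trusted IP list per account per region, so
        # refuse to create a second one rather than fail halfway through.
        existing=$(aws guardduty list-ip-sets --detector-id "$DETECTOR_ID" \
            --region "$AWS_REGION" --query 'length(IpSetIds)' --output text)
        if [ "$existing" != "0" ]; then
            echo "a trusted IP list already exists in $AWS_REGION; update it instead" >&2
            return 1
        fi
    fi
    det="${DETECTOR_ID:-DETECTOR_ID_PLACEHOLDER}"

    run_or_echo aws s3 cp "$file" "s3://$TRUSTED_BUCKET/$key" --region "$AWS_REGION"
    run_or_echo aws guardduty create-ip-set --detector-id "$det" --region "$AWS_REGION" \
        --name "$LIST_NAME" --format TXT --location "s3://$TRUSTED_BUCKET/$key" --activate
}

# Demo with a constructed list using documentation-range addresses. DRY_RUN
# defaults to 1, so this only prints the commands that would run.
sample=$(mktemp)
printf '203.0.113.10\n198.51.100.0/24\n' > "$sample"
register_trusted_list "$sample"
rm -f "$sample"
```

The validation step matters because GuardDuty rejects a malformed list only after upload, and an inactive or rejected list leaves the InsightCloudSec scanner addresses untrusted until someone notices the findings. Running with `DRY_RUN=1` first lets you review the exact bucket path and list name before anything is created.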