Tenable.io can integrate with cloud providers to identify assets deployed in the cloud.
A previous demonstration showed scanning Amazon EC2 instances by using a pre-authorized scanner deployed in a virtual private cloud.
Although this is the best method for gathering vulnerability information about your instances, you may want to see an inventory of assets deployed across your entire cloud infrastructure.
You can gather this information by leveraging the cloud auditing capabilities of Tenable.io.
Within Tenable.io, create a new scan using the cloud auditing template.
Provide a name and description. You can choose any scanner that is capable of reaching Amazon Web Services, whether it's an on-premises scanner or a scanner provided by Tenable.io. Next, add credentials
for Amazon Web Services. Provide the access key and secret key for the account to be used. It is best practice to designate an account for scanning purposes.
This account only requires read-only access to the AWS resources. Choose the regions from which you wish to gather data. For some scans, you may want to choose only the regions where you have services deployed. However,
it is important to also run a scan with all regions selected so you can identify potentially unknown or rogue services in use.
Then choose a compliance standard.
Any of these will provide valuable information about your cloud environment. Please note that this scan will return a wealth of additional information beyond the scope of this demonstration.
Save and launch your scan.
When viewing results, navigate to the compliance section.
Use the search box to find information about EC2 instances.
This example shows a list of all EC2 instances in each location and their status.
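
The read-only guidance for the scanning account can be verified before its access key is entered into the scan. The following is an added example, not part of the original demonstration and not Tenable's own tooling: a Python check that flags every Allow statement in an IAM policy that grants more than read actions. The `Describe`/`Get`/`List` prefix list and the sample policy are assumptions constructed for illustration.

```python
import json

# Assumption: action verbs treated as read-only here; adjust to your own standard.
READ_ONLY_VERBS = ("describe", "get", "list")

def is_read_only_action(action):
    """True if an IAM action such as 'ec2:DescribeInstances' can only read."""
    if ":" not in action:
        return False  # a bare "*" grants every action on every service
    verb = action.split(":", 1)[1].lower()  # IAM action names are case-insensitive
    # A wildcard is acceptable only after a read-only verb, e.g. "ec2:Describe*".
    return any(verb.startswith(v) for v in READ_ONLY_VERBS)

def audit_policy(policy_json):
    """Return (sid, action) pairs for Allow statements that permit more than reads."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot add privileges
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((sid, "NotAction"))
            continue
        actions = stmt.get("Action", [])
        for action in ([actions] if isinstance(actions, str) else actions):
            if not is_read_only_action(action):
                findings.append((sid, action))
    return findings

# Constructed sample policy for a hypothetical scanning account.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Inventory", "Effect": "Allow",
         "Action": ["ec2:Describe*", "s3:ListAllMyBuckets", "iam:Get*"],
         "Resource": "*"},
        {"Sid": "TooBroad", "Effect": "Allow",
         "Action": ["ec2:TerminateInstances", "s3:*"], "Resource": "*"},
        {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    for sid, action in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {action} is not read-only")
```

The prefix test is a heuristic: it confirms that no write or delete verbs are granted, not that the account has every read permission a given scan needs.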