Merged
Changes from 3 commits
2 changes: 1 addition & 1 deletion solutions/security/cloud/findings-page.md
Expand Up @@ -18,7 +18,7 @@ products:

$$$cspm-findings-page-filter-findings$$$

The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/ingest-third-party-cloud-security-data.md).
The **Misconfigurations** tab on the Findings page displays the configuration risks identified by the [CSPM](/solutions/security/cloud/cloud-security-posture-management.md) and [KSPM](/solutions/security/cloud/kubernetes-security-posture-management.md) integrations, as well as data from [third-party integrations](/solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md).

:::{image} /solutions/images/security-findings-page.png
:alt: Findings page
Expand Up @@ -12,12 +12,12 @@ products:

This page explains how to make data from the AWS Config integration appear in the following places within {{elastic-sec}}:

- **Findings page**: Data appears on the Findings page's [Misconfigurations](/solutions/security/cloud/findings-page.md) tab.
- **Findings page**: Data appears on the [Misconfigurations](/solutions/security/cloud/findings-page.md) tab.
- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.


In order for AWS Config data to appear in these workflows:

* Follow the steps to [set up the AWS Config integration](https://docs.elastic.co/en/integrations/aws/config).
* Make sure the integration version is at least 4.0.0.
* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`.
* Ensure you have `read` privileges for the following index: `security_solution-*.misconfiguration_latest`.
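Review bot: The setup link in the first bullet of the requirements list, `https://docs.elastic.co/en/integrations/aws/config`, uses a different host and path scheme from the one on the new AWS Inspector page in this PR (`https://www.elastic.co/docs/reference/integrations/aws/inspector`). Since this hunk already touches the list, consider pointing both pages at the same documentation site so the two sibling pages stay consistent.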
23 changes: 23 additions & 0 deletions solutions/security/cloud/integrations/aws-inspector.md
@@ -0,0 +1,23 @@
---
applies_to:
stack: ga 9.2
serverless:
security: all
products:
- id: security
- id: cloud-serverless
---

# AWS Inspector

This page explains how to make data from the AWS Inspector integration appear in the following places within {{elastic-sec}}:

- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page.md) tab.
- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.


In order for AWS Inspector data to appear in these workflows:

* Follow the steps to [set up the AWS Inspector integration](https://www.elastic.co/docs/reference/integrations/aws/inspector).
* Make sure the integration version is at least 4.0.0.
* Ensure you have `read` privileges for the following index: `security_solution-*.vulnerability_latest`.
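Review bot: The **Findings page** bullet links the Vulnerabilities tab to `/solutions/security/cloud/findings-page.md`, but elsewhere in this PR that path is the Misconfigurations tab and the Vulnerabilities tab is `/solutions/security/cloud/findings-page-3.md` (see the Qualys, Rapid7, Tenable VM and Google Security Command Center pages). Suggest changing the target to `findings-page-3.md`. The requirements list is otherwise identical to the AWS Config page, so please also confirm that 4.0.0 is the correct minimum version for the AWS Inspector integration and not a carry-over.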
File renamed without changes.
Expand Up @@ -12,7 +12,7 @@ products:

This page explains how to make data from the Google Security Command Center integration appear in the following workflows within {{elastic-sec}}:

- **Findings page**: Data appears on the [Findings page's](/solutions/security/cloud/findings-page.md) **Vulnerabilities** tab and **Misconfigurations** tab.
- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab and the [Misconfiguations](/solutions/security/cloud/findings-page.md) tab.
- **Alert and Entity details flyouts**: Data appears in the **Insights** section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
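Review bot: The added **Findings page** bullet misspells the link text as `Misconfiguations`; it should read `Misconfigurations`. The rewrite also drops the bold on the tab names while the next bullet keeps **Insights** in bold, so pick one style for UI labels on this page.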


Expand Up @@ -22,17 +22,28 @@

You can ingest third-party cloud security alerts into {{elastic-sec}} to view them on the [Alerts page](/solutions/security/advanced-entity-analytics/view-analyze-risk-score-data.md#alerts-page) and incorporate them into your triage and threat hunting workflows.

* Learn to [ingest alerts from Sysdig Falco](/solutions/security/cloud/ingest-cncf-falco-data.md).

Check failure on line 25 in solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md

GitHub Actions / preview / build

`/solutions/security/cloud/ingest-cncf-falco-data.md` does not exist. If it was recently removed add a redirect. resolved to `/github/workspace/solutions/security/cloud/ingest-cncf-falco-data.md


## Ingest third-party security posture and vulnerability data [_ingest_third_party_security_posture_and_vulnerability_data]

You can ingest third-party data into {{elastic-sec}} to review and investigate it alongside data collected by {{elastic-sec}}'s native cloud security integrations. Once ingested, cloud security posture and vulnerability data appears on the [Findings](/solutions/security/cloud/findings-page.md) page, on the [Cloud Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md), and in the [entity details](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-details-flyout) and [alert details](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) flyouts.

::::{note}
Data from third-party integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md).
::::

Data from each of the following integrations can feed into at least some of these workflows:

* [AWS Security Hub](/solutions/security/cloud/ingest-aws-security-hub-data.md).
* [Wiz](/solutions/security/cloud/ingest-wiz-data.md).
* [Rapid7 InsightVM](/solutions/security/cloud/integration-rapid7.md).
* [Tenable VM](/solutions/security/cloud/integration-tenablevm.md).
* [Qualys VMDR](/solutions/security/cloud/integration-qualys.md).
* [AWS Config](solutions/security/cloud/integrations/aws-config.md)

Check failure on line 38 in solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md

GitHub Actions / preview / build

`solutions/security/cloud/integrations/aws-config.md` does not exist. If it was recently removed add a redirect. resolved to `/github/workspace/solutions/security/cloud/integrations/solutions/security/cloud/integrations/aws-config.md
* [AWS Inspector](solutions/security/cloud/integrations/aws-inspector.md)

Check failure on line 39 in solutions/security/cloud/integrations/ingest-third-party-cloud-security-data.md

GitHub Actions / preview / build

`solutions/security/cloud/integrations/aws-inspector.md` does not exist. If it was recently removed add a redirect. resolved to `/github/workspace/solutions/security/cloud/integrations/solutions/security/cloud/integrations/aws-inspector.md
* [AWS Security Hub](/solutions/security/cloud/integrations/aws-security-hub.md).
* [CNCF Falco](/solutions/security/cloud/integrations/cncf-falco.md)
* [Google Security Command Center](/solutions/security/cloud/integrations/google-security-command-center.md)
* [Microsoft Defender for Cloud](/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md).
* [Microsoft Defender for Endpoint](/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md).
* [Microsoft Defender XDR](/solutions/security/cloud/integrations/microsoft-defender-xdr.md).
* [Qualys VMDR](/solutions/security/cloud/integrations/qualys.md).
* [Rapid7 InsightVM](/solutions/security/cloud/integrations/rapid7.md).
* [Tenable VM](/solutions/security/cloud/integrations/tenablevm.md).
* [Wiz](/solutions/security/cloud/integrations/wiz.md).
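Review bot: Three links in this hunk fail the preview build, per the annotations on lines 25, 38 and 39. The unchanged Falco bullet still targets `/solutions/security/cloud/ingest-cncf-falco-data.md`, which the `toc.yml` change in this PR replaces with `security/cloud/integrations/cncf-falco.md`, and the new AWS Config and AWS Inspector bullets omit the leading `/`, so they resolve relative to the `integrations` directory. Suggest `/solutions/security/cloud/integrations/cncf-falco.md`, `/solutions/security/cloud/integrations/aws-config.md` and `/solutions/security/cloud/integrations/aws-inspector.md`. Smaller points: the new note should read "third-party integrations", and the list mixes bullets with and without a trailing period.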
Expand Up @@ -15,10 +15,6 @@ This page explains how to make data from the Qualys Vulnerability Management, De
- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab.
- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section).

:::{note}
Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md).
:::

In order for Qualys VMDR data to appear in these workflows:

- Ensure you have read privileges for the following index: `security_solution-*.vulnerability_latest`.
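Review bot: With the note removed, the CNVM dashboard caveat is no longer visible to a reader who lands directly on this page; it now lives only in the note this PR adds to the parent ingest page. If that matters, keep a one-line pointer to the parent page here and on the Rapid7 and Tenable VM pages, which drop the same note.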
Expand Up @@ -15,9 +15,6 @@ This page explains how to make data from the Rapid7 InsightVM integration (Rapid
- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab.
- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section).

:::{note}
Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md).
:::

In order for Rapid7 data to appear in these workflows:

Expand Up @@ -15,10 +15,6 @@ This page explains how to make data from the Tenable Vulnerability Management in
- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab.
- **Alert and Entity details flyouts**: Applicable data appears in the [Insights section](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section).

::::{note}
Data from this integration does not appear on the [CNVM dashboard](/solutions/security/cloud/cnvm-dashboard.md).
::::

In order for Tenable VM data to appear in these workflows:

- Ensure you have read privileges for the following index: `security_solution-*.vulnerability_latest`.
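Review bot: The context line at the end of this hunk writes the privilege as plain text (read privileges), while the AWS Config and new AWS Inspector pages in this PR format it as `read`. Consider code-formatting it here and on the Qualys VMDR page so the privilege name reads the same across the integration pages.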
19 changes: 10 additions & 9 deletions solutions/toc.yml
Expand Up @@ -675,15 +675,16 @@ toc:
- file: security/cloud/cloud-workload-protection-for-vms.md
children:
- file: security/cloud/capture-environment-variables.md
- file: security/cloud/ingest-third-party-cloud-security-data.md
children:
- file: security/cloud/ingest-cncf-falco-data.md
- file: security/cloud/ingest-aws-security-hub-data.md
- file: security/cloud/ingest-wiz-data.md
- file: security/cloud/integration-qualys.md
- file: security/cloud/integration-tenablevm.md
- file: security/cloud/integration-rapid7.md
- file: security/cloud/integrations/aws-config-integration.md
- file: security/cloud/integrations/ingest-third-party-cloud-security-data.md
children:
- file: security/cloud/integrations/cncf-falco.md
- file: security/cloud/integrations/aws-security-hub.md
- file: security/cloud/integrations/wiz.md
- file: security/cloud/integrations/qualys.md
- file: security/cloud/integrations/tenablevm.md
- file: security/cloud/integrations/rapid7.md
- file: security/cloud/integrations/aws-config.md
- file: security/cloud/integrations/aws-inspector.md
- file: security/cloud/integrations/microsoft-defender-for-cloud.md
- file: security/cloud/integrations/microsoft-defender-for-endpoint.md
- file: security/cloud/integrations/microsoft-defender-xdr.md
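Review bot: The old paths dropped from the toc here (for example `security/cloud/ingest-cncf-falco-data.md` and `security/cloud/integrations/aws-config-integration.md`) have no matching redirect change visible in this diff. The build annotation on the ingest page asks for a redirect when a file is removed, so add redirects from each old path to its new `security/cloud/integrations/` location so existing links and bookmarks keep resolving.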