We provide you with actions that you can execute on instances to quickly fix unknown behavior of an instance or vulnerability on an instance.
Use Case: Search EC2 instance with critical vulnerability having IAM profile associated.
Action: Stop Instance, Remove IAM Profile
Benefit: Block instances having critical vulnerability from accessing AWS services or stop instance to quarantine it.
You can directly control remediable actions from Qualys for Instance resources.
We support the following actions for AWS Instance resources:
The Stop Instance action allows you stop an already running instance on AWS cloud. You can use the action as an immediate response on a newly detected unknown instance. For example, if you operate only in Mumbai region, but instances are detected in North Carolina region (where you do not operate). In such cases, the first response action towards such unknown instance would be to stop the instance and then troubleshoot it.
You can now execute actions on such instances from Qualys console.
1. Go to Resources > Amazon Web Services > Instance resource type. All the instances in your account are listed. The Actions column displays the possible actions.
Click the Stop Instance action.
Specify a comment and select the authorization check box.
Click Execute Action.
You can view the history of actions executed on instances. Simply, select the instance, and select Show Action Log from the quick action menu. The Action Log displays the list of actions executed on the instance. Show meShow me
The Remove IAM profile action allows you disassociate an IAM profile from the instance. Removing IAM profile stops access to other AWS resources that may be available through the associated IAM role. You can execute the action in following scenarios:
Go to Resources > Amazon Web Services > Instance resource type. All the instances in your account are listed. The Actions column displays the possible actions.
Click Remove IAM Profile action.
The Remove IAM profile pop-up is displayed.
Specify a comment and select the authorization check box.
Click Execute Action.
You can view the history of actions executed on instances. Select the instance, and select Show Action Log from the quick action menu. The Action Log displays the list of actions executed on the instance.