By registering AWS authentication information, you can select EC2 instances from the FutureVuls screen and scan them on demand.
The SSM scan results can be checked in
SSM command history and
SSM-based scans can only be performed on the local scan server.
SSM scans are only available for scanner version vuls v0.7.0 build-20190605_091348_d2daa3a and later.
If you have an older version, please update the scanner.
AmazonSSMManagedInstanceCore policy (AWS documentation)
sudo yum -y install amazon-ssm-agent (for Amazon Linux; see the above documentation for other OSes)
sudo systemctl start amazon-ssm-agent (for Amazon Linux; see the above documentation for other OSes)
Managed Instances in AWS Systems Manager.
Configure button on the AWS Integration page in Group settings.
Execute the displayed command (AWS CLI) in an environment where the AWS CLI is installed and configured (the
ssm.DeleteDocument permissions are required), and click Next.
SSM-based scan is
set up, it is complete.
After configuring SSM as described above, information on whether each server can be integrated with SSM is incorporated into FutureVuls at the time of scanning.
SSM integration column of the server list is marked with
○, the setup is complete.
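The same readiness can be checked on the AWS side before the first scan. The following is an added example, not FutureVuls or Vuls code: it assumes the JSON shape returned by `aws ssm describe-instance-information`, and the instance IDs and agent versions are constructed sample values.

```python
import json

# Constructed sample shaped like `aws ssm describe-instance-information` output.
SAMPLE = json.dumps({
    "InstanceInformationList": [
        {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "PingStatus": "Online",
         "PlatformType": "Linux", "AgentVersion": "3.2.0.0"},
        {"InstanceId": "i-0aaaaaaaaaaaaaaa2", "PingStatus": "ConnectionLost",
         "PlatformType": "Linux", "AgentVersion": "3.2.0.0"},
    ]
})


def ssm_readiness(describe_json, wanted_ids):
    """Map each wanted instance ID to 'ready' or the reason SSM cannot reach it."""
    listing = json.loads(describe_json).get("InstanceInformationList", [])
    managed = {item["InstanceId"]: item for item in listing}
    report = {}
    for iid in wanted_ids:
        info = managed.get(iid)
        if info is None:
            # Absent from Managed Instances: agent not installed or not running,
            # or the instance profile lacks AmazonSSMManagedInstanceCore.
            report[iid] = "not managed"
        elif info.get("PingStatus") != "Online":
            # Registered with SSM, but the agent is not currently checking in.
            report[iid] = "agent unreachable: " + str(info.get("PingStatus"))
        else:
            report[iid] = "ready"
    return report


if __name__ == "__main__":
    targets = ["i-0aaaaaaaaaaaaaaa1", "i-0aaaaaaaaaaaaaaa2", "i-0aaaaaaaaaaaaaaa3"]
    for iid, state in ssm_readiness(SAMPLE, targets).items():
        print(iid, state)
```

To run it against a real account, replace `SAMPLE` with the saved output of `aws ssm describe-instance-information`.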
Servers managed by SSM that are added after AWS authentication is configured are automatically integrated with FutureVuls at scan time.
Click the scan execution button that appears on the server details screen to start the scan.
SSM command execution history and execution status can be checked from SSM command history.
Scan success and failure can be checked from the scan history.
If a message like the following appears in the command history, follow the steps below to check the result.
Amazon Systems Manager > Run Command > Command History of the target AWS account.