Enable Container Security on your connected AWS accounts to start protecting your Amazon ECS containers.

Procedure

  1. Go to Service Management > Cloud Accounts.
  2. Click the AWS tab.
  3. Click the name of your existing AWS account in the list.
    The Cloud Account Settings panel opens.
  4. Click the Stack Update tab.
  5. Review each security feature and enable the features to apply to your Amazon ECS cluster.
    Important
    You must turn on Container Security for Amazon ECS for Container Security protection.
    Feature: Core Features
    Description: The core set of features and permissions required to connect your AWS account.
      Core features enable you to connect your AWS account to Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure.
      Note
      Core features are required to connect your AWS account and cannot be disabled. If you need to disconnect your account, see AWS accounts.
    Feature: Agentless Vulnerability & Threat Detection
    Description: The feature and permission set to enable Attack Surface Risk Management (ASRM) capabilities for your account.
      This feature set allows Trend Vision One to deploy Agentless Vulnerability & Threat Detection in your AWS account to discover vulnerabilities and malware in AWS EBS volumes attached to EC2 instances, ECR images, and Lambda functions with zero impact on your applications. To learn more, see Agentless Vulnerability & Threat Detection.
    Feature: Container Protection for Amazon ECS
      Important
      Required for Container Security protection.
    Description: The feature and permission set to view and protect your containers.
      This feature set allows Container Security to connect and deploy components to your AWS account to protect your containers and container images in Elastic Container Service (ECS) environments.
      Important
      • As of November 2023, AWS private and freemium accounts only allow a maximum of 10 Lambda executions. Container Protection deployment requires at least 20 concurrent Lambda executions. Verify your AWS account status before enabling this feature.
      • At this time, the ECS runtime vulnerability scanning feature does not support scanning ECR images installed on AWS accounts where Container Security is not installed.
    Feature: XDR for Cloud - AWS CloudTrail
    Description: The feature and permission set to enable Cloud Audit Log Monitoring for your account.
      This feature set enables XDR monitoring of your cloud account to gain actionable insight into user, service, and resource activity, with detection models identifying activity such as privilege escalation, password modification, and other attack techniques. Detections generated by this feature can be viewed in the Search and Workbench apps.
      This feature requires additional configuration of your CloudTrail settings. For more information, see CloudTrail configuration.
      Note
      XDR for Cloud requires credits to use. Click the Credit Settings icon (gear icon) to manage your data allowance limit and allocated credits and to view a graph of past data usage.
    Feature: Cloud Response for AWS
    Description: The feature and permission set to allow response actions for your account.
      This feature set grants Trend Vision One permission to take response actions to contain incidents within your cloud account, such as revoking access for suspicious IAM users. Additional response actions leverage integration with third-party ticketing systems. Response actions can be taken from the context menu in the Workbench app.
      This feature requires enabling XDR for Cloud - AWS CloudTrail for your account.
  6. Click Copy S3 URL to obtain the S3 URL of the template that contains all the configured changes needed to update the stack in your AWS account.
  7. In another browser tab, sign in to the AWS account that you are updating.
    Important
    The following AWS instructions were valid as of February 21, 2024. For further help, check your Amazon documentation.
  8. Go to CloudFormation and click your stack name.
    Tip
    You can locate the stack name by viewing the Cloud Account Settings Stack Update tab in the Trend Vision One console.
  9. Click Update.
  10. Select Replace current template and paste the copied S3 URL.
  11. Deploy the template to complete the update.
  12. In the Trend Vision One console, complete the update in the Cloud Account Settings Stack Update tab by clicking Save Changes.
    Allow some time for the stack update progress to complete before proceeding. Once the stack update process is complete, you can begin assigning policies to your clusters.
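Steps 6 to 11 can also be carried out with the AWS CLI. The script below is an added example, not Trend Micro's or AWS's own code; it assumes the AWS CLI is configured for the account being updated, takes the stack name and the copied S3 URL as arguments, first checks the account's Lambda concurrency limit against the 20-execution minimum noted above, and stages the new template as a change set so the resource and IAM changes can be reviewed before they are applied. The --capabilities values are an assumption; use whatever the CloudFormation console prompts for with your template.

```shell
#!/bin/sh
# Added example (not Trend Micro's code): CloudFormation stack update for the
# Vision One template via the AWS CLI, with a reviewable change set.
# Assumptions: AWS CLI v2 configured for the target account; STACK_NAME and
# TEMPLATE_URL are the values taken from the Stack Update tab (steps 6 and 8).
set -eu

MIN_CONCURRENCY=20   # page: Container Protection needs >= 20 concurrent Lambda executions

# Returns 0 when the given concurrent-execution limit meets the minimum.
concurrency_ok() {
  [ "$1" -ge "$MIN_CONCURRENCY" ]
}

# Query the account-level Lambda limit (the private/freemium account caveat).
check_lambda_limit() {
  limit=$(aws lambda get-account-settings \
            --query 'AccountLimit.ConcurrentExecutions' --output text)
  if concurrency_ok "$limit"; then
    echo "Lambda concurrency limit $limit is sufficient"
  else
    echo "Lambda concurrency limit $limit is below $MIN_CONCURRENCY; raise the quota first" >&2
    return 1
  fi
}

# Stage the replacement template as a change set, show what it would change,
# then execute it (the CLI equivalent of "Replace current template" + deploy).
update_stack() {
  stack="$1"; url="$2"
  cs="vision-one-stack-update-$(date +%Y%m%d%H%M%S)"
  aws cloudformation create-change-set \
      --stack-name "$stack" --template-url "$url" \
      --change-set-name "$cs" --change-set-type UPDATE \
      --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND  # assumed
  aws cloudformation wait change-set-create-complete \
      --stack-name "$stack" --change-set-name "$cs"
  # Review added/removed/modified resources (IAM roles included) before applying.
  aws cloudformation describe-change-set \
      --stack-name "$stack" --change-set-name "$cs" \
      --query 'Changes[].ResourceChange.[Action,LogicalResourceId,ResourceType]' \
      --output table
  aws cloudformation execute-change-set --stack-name "$stack" --change-set-name "$cs"
  aws cloudformation wait stack-update-complete --stack-name "$stack"
  echo "Stack $stack updated; now click Save Changes in the Stack Update tab (step 12)"
}

# Usage: ./update_stack.sh STACK_NAME TEMPLATE_URL
if [ "$#" -eq 2 ]; then
  check_lambda_limit
  update_stack "$1" "$2"
fi
```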