Aqua CSPM scans are comprised of various security checks represented as "plugins." For example, a plugin may be "AWS EC2 Security Group Open Ports" or "AWS S3 Bucket Public Access" to reflect the specific checks being performed for those resources.
TABLE OF CONTENTS
Introduction to Plugins
CSPM plugins are written to evaluate cloud provider API response data. Plugins interpret this data in the context of the security control being evaluated, any custom inputs or settings, and the account conditions, to produce scan results. Aqua has over 400 plugins for its CSPM capability, which covers numerous services across all supported cloud providers.
Types of Plugins
- Default Plugin - These are pre-defined plugins that are generic for all users. They check for compliance against security best practices.
- Custom Plugin - These are user-defined and can be customized based on individual user needs. The users can define their own conditions for security checks.
Each plugin produces one or more results mapped to a resource, where applicable. Plugin outputs include the following information:
- Result - either "PASS," "WARN," "FAIL," or "UNKNOWN" representing the status of the finding
- Region - the cloud provider region or location in which the finding occurred
- Resource - if the finding impacts a specific resource, such as the S3 bucket ARN or compute instance ID
- Message - an explanation of the finding explaining why the result was produced
You can read more about plugin results here.
Default plugins can be customized in several ways:
- Suppressing their output so that results do not appear on scan reports (Read more)
- Overriding their severity level (Read more)
- Providing optional inputs to further customize the plugin behavior (Read more)
If there are specific plugins or modifications to plugins you wish to see in the Aqua, you may contribute these changes via the open-source project, CloudSploit by Aqua.