Posture Control (DSPM)

Configuring Scan Settings for AWS Virtual Machine

You can configure the scan settings to scan the Amazon Web Services (AWS) virtual machines. DSPM scans the EC2 instances for any sensitive data. The scan results are displayed on the Data Inventory page.

You can configure the scan settings after onboarding the AWS accounts. To learn more, see About Cloud Accounts.

To scan the AWS virtual machines:

    1. Go to Administration > Scan Settings.
    2. Select the Scan Settings tab.

      If you are configuring the scan settings for the first time, the following page appears:

    3. Click Configure Scan Settings.
    4. For subsequent configurations, click Add New on the Scan Settings page.

    5. On the Select Cloud Type and Resource Type page:

      • For Cloud Type, select AWS.
      • For Resource Type, select Virtual Machine.

    6. Click Next.
    1. On the Select the Resources to Scan page, select one of the following options:
      • Scan All Accounts: Scans all the virtual machines across all onboarded accounts.

      • Exclude Accounts from the Scan: Exclude specific accounts from the scan. When you select this option, the list of accounts is displayed. Select the checkbox for the accounts that must be excluded from the scan.

      • Scan Specific Accounts: Scan only specific accounts. When you select this option, the list of accounts is displayed. Select the checkbox for the accounts that must be scanned.

      • Scan Specific Instances: Specify the virtual machines that must be scanned. When you select this option, enter the key-value pairs for the instances. You can add multiple key-value pairs.

    2. Enable Malware Scanning: Enable this option if the resources must be scanned for malware. This option is disabled by default.

    3. Click Next.
    4. If you chose Scan All Accounts, Exclude Accounts from the Scan, or Scan Specific Accounts, you can optionally exclude some VMs from the scan. Enter the instance IDs of the VMs you want to exclude from the scan.

      Exclude Operating System Directories Files from Scanning is enabled by default. To include the OS directories in the scan, disable this option.

      The following directories are excluded from the scan:

        • /usr/local/
        • /usr/lib/
        • /usr/lib64/
        • /usr/share/
        • /usr/bin/
        • /usr/sbin/
        • /usr/src/
        • /usr/include/
        • /usr/libexec/
        • /var/app/
        • /var/log/
        • /var/lib/
        • /var/cache/
        • /etc/
        • /boot/
        • C:\Program Files\
        • C:\Program Files (x86)\
        • C:\Windows\
        • /smui/
        • /smca/
        • /opt/elasticbeanstalk/

    5. Click Next.
    1. On the Scan Schedule page, select the scan frequency:

      • Daily: Scan the data daily.
      • Weekly: Scan the data once a week. Select the day from the drop-down menu.
      • Monthly: Scan the data once a month.

    2. Click Next.
    1. On the Scan Scope page, choose a scan scope from the drop-down menu to set up your scan settings.

      To learn more about configuring and creating a scan scope, see Configuring Scan Scope.

    2. Click Next.
    1. Review the scan settings. Click the Edit icon to change any values, if required.

    2. Click Finish.
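
The default operating system directory exclusions listed above can hide data that lives under paths such as /var/lib/ or /etc/. The following check is an added example, not part of the product or its documentation: it reports which known data locations fall under a default exclusion, so you can decide whether to disable the option. It assumes exclusions match as directory prefixes and that Windows paths compare case-insensitively; the function names and sample paths are constructed for illustration.

```python
import ntpath
import posixpath
import re

# Default exclusions copied from the list on this page.
POSIX_EXCLUDED = (
    "/usr/local/", "/usr/lib/", "/usr/lib64/", "/usr/share/", "/usr/bin/",
    "/usr/sbin/", "/usr/src/", "/usr/include/", "/usr/libexec/", "/var/app/",
    "/var/log/", "/var/lib/", "/var/cache/", "/etc/", "/boot/",
    "/smui/", "/smca/", "/opt/elasticbeanstalk/",
)
WINDOWS_EXCLUDED = ("C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Windows\\")


def excluded_by(path):
    """Return the default exclusion covering `path`, or None if it would be scanned.

    Assumption: prefix matching on the normalized path. Symlinks are not
    resolved, because this runs on an inventory of path strings, not on the VM.
    """
    if re.match(r"^[A-Za-z]:[\\/]", path):
        # Windows path: normalize separators and "..", compare case-insensitively.
        norm = ntpath.normpath(path).lower() + "\\"
        rules = [(rule.lower(), rule) for rule in WINDOWS_EXCLUDED]
    else:
        # POSIX path: collapse repeated leading slashes, then resolve "." and "..".
        norm = posixpath.normpath(re.sub(r"^/+", "/", path)) + "/"
        rules = [(rule, rule) for rule in POSIX_EXCLUDED]
    for key, rule in rules:
        if norm.startswith(key):
            return rule
    return None


def coverage_gaps(paths):
    """Map each path that the default exclusions would skip to the matching rule."""
    return {p: rule for p in paths if (rule := excluded_by(p)) is not None}


# Constructed sample inventory of locations known to hold application data.
SAMPLE_PATHS = [
    "/var/lib/mysql/customers.ibd",
    "/etc/myapp/db.conf",
    "/home/app/exports/users.csv",
    "/var/lib/../../srv/export.csv",
    "c:/windows/Temp/dump.csv",
    "D:\\Data\\payroll.xlsx",
]

if __name__ == "__main__":
    for path, rule in coverage_gaps(SAMPLE_PATHS).items():
        print(f"{path} -> not scanned (default exclusion {rule})")
```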