Continuously audit and monitor EC2 Security Group configurations and enforce security compliance as code with Panther.
A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Use Panther to track real-time changes to your security groups to ensure configurations meet your business requirements for security and compliance.
Monitoring security groups is critical for understanding the history of network traffic changes in your EC2 environment and detecting suspicious activity. Use Panther's built-in policies for continuous monitoring of security group resources, or write your own detections in Python to fit your internal business use cases.
Use Cases
Common security use cases for EC2 Security Group with Panther include:
Ensure security groups have restrictive permission sets that limit both the total number of open ports and the ports typically associated with insecure protocols.
Ensure security groups have restrictions on outbound and inbound traffic.
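Both use cases can be expressed as a custom Python detection. The sketch below is an added example, not one of Panther's built-in policies: it follows the `policy(resource)` shape (return True when compliant) and assumes the resource uses the field names of the EC2 DescribeSecurityGroups response; the port list, the threshold and the sample resources are constructed for illustration.

```python
# Added example; port list and threshold are assumptions, not Panther defaults.
INSECURE_PORTS = {21: "FTP", 23: "Telnet", 110: "POP3", 143: "IMAP"}
MAX_OPEN_PORTS = 10
ANYWHERE = {"0.0.0.0/0", "::/0"}

def _open_to_world(perm):
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges") or []]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges") or []]
    return any(c in ANYWHERE for c in cidrs)

def _port_range(perm):
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return 0, 65535
    if proto in ("tcp", "udp"):
        return perm["FromPort"], perm["ToPort"]
    return None  # ICMP etc.: FromPort/ToPort hold type/code, not ports

def findings(resource):
    """Return a list of human-readable issues for one security group."""
    issues, exposed = [], set()
    for perm in resource.get("IpPermissions") or []:
        ports = _port_range(perm)
        if ports is None or not _open_to_world(perm):
            continue
        exposed.update(range(ports[0], ports[1] + 1))
    for port, name in INSECURE_PORTS.items():
        if port in exposed:
            issues.append(f"{name} ({port}) open to the internet")
    if len(exposed) > MAX_OPEN_PORTS:
        issues.append(f"{len(exposed)} ports open to the internet")
    for perm in resource.get("IpPermissionsEgress") or []:
        if perm.get("IpProtocol") == "-1" and _open_to_world(perm):
            issues.append("unrestricted outbound traffic")
    return issues

def policy(resource):
    return not findings(resource)  # True means compliant

# Constructed sample resources (not real account data)
_ALL = [{"CidrIp": "0.0.0.0/0"}]
COMPLIANT = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": _ALL},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": _ALL}]}
NONCOMPLIANT = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 23, "ToPort": 23, "IpRanges": _ALL},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": _ALL}]}
```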
How it Works
The integration is simple and fast:
Connect your AWS account to Panther
A baseline scan is performed to identify all existing security groups for your EC2 instances
Built-in detections identify security issues
Alerts are sent if a non-compliant security group exists
Use Panther to search all security groups in an EC2 account by name, view their compliance status, associated policies, and configured remediations. Learn more about using Panther to analyze your AWS logs for security insights.