In addition to having a secure configuration baseline, there should also be a general policy that defines what should be scanned and which tools can be used:
| | Purpose | Open source tools |
|---|---|---|
| Common vulnerabilities and exposures (CVEs) | To understand if there are any publicly known vulnerabilities in the cloud services. Refer to | OpenVAS, NMAP |
| Integrity monitoring | It determines if major system configuration files have been tampered with. | OSSEC |
| Secure configuration compliance | Secure configuration to meet industry best practices. | OpenSCAP |
| Sensitive information exposure | To review whether there is any personally identifiable information, ... | |