Amazon Elastic Container Registry (ECR)

Version: ETS-AWS-LogForwarder v1.1.0 and above.

Amazon Elastic Container Registry (Amazon ECR) is a managed container registry that facilitates storage, management, sharing, and deployment of container images and artifacts. It eliminates the need to operate your container repositories or scale the underlying infrastructure. Images hosted are highly available and have a high-performance architecture, allowing deployments with reliability.

Netsurion Open XDR monitors events from Amazon ECR by parsing the AWS CloudTrail logs and triggers from Amazon EventBridge. Dashboards and reports in Netsurion Open XDR allow you to monitor the overall actions that are being performed related to the Amazon ECR service to keep you informed about its activities. It will trigger alerts whenever an action that is critical to the service is carried out.

For a new instance, integrate the AWS instance to Netsurion Open XDR using the Netsurion integrator lambda function, which will in turn deliver logs to Netsurion Open XDR from AWS. For an already-integrated AWS instance, make sure to update to ETS-AWS-LogForwarder v1.1.0 or above.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Amazon ECR – Forced repository deletion detected This alert is triggered when an ECR repository is deleted which has images present in it.
Security Amazon ECR – High priority life-cycle policy added This alert is triggered when a high priority life-cycle policy is added to a repository which may override the existing policies.
Security Amazon ECR – Image scan disabled This alert is triggered when image scanning is changed from enabled to disabled for an ECR repository.
Security Amazon ECR – Image tag overwrite enabled This alert is triggered when image tagging is changed from immutable to mutable, which disables image overwrite protection.
Security Amazon ECR – Registry policy changes detected This alert is triggered when changes in critical registry policies are detected.
Security Amazon ECR – Repository policy changes detected This alert is triggered when changes in critical repository policies are detected.

Reports

Type Name Description
Security Amazon ECR – Repository-related activities This report will contain relevant information related to repositories in Amazon ECR.
Security Amazon ECR – Registry-related activities This report will contain relevant information related to registries in Amazon ECR.
Security Amazon ECR – Vulnerability scan This report shows relevant details related to the vulnerability scans performed by AWS when an image is pushed to an ECR repository.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and ETS AWS LogForwarder v1.1.0 and above.

Download Integration Guide and How-to Guide for configuration instructions and more information.