Amazon Elastic Container Registry (ECR)

Version: ETS-AWS-LogForwarder v1.1.0 and above.

Amazon Elastic Container Registry (Amazon ECR) is a managed container registry that facilitates storage, management, sharing, and deployment of container images and artifacts. It eliminates the need to operate your container repositories or scale the underlying infrastructure. Images hosted are highly available and have a high-performance architecture, allowing deployments with reliability.

Netsurion's Open XDR platform monitors events from Amazon ECR by parsing the AWS CloudTrail logs and triggers from Amazon EventBridge. Dashboards and reports in Netsurion's Open XDR platform allow you to monitor the overall actions that are being performed related to the Amazon ECR service to keep you informed about its activities. It will trigger alerts whenever an action that is critical to the service is carried out.

For a new instance, integrate the AWS instance to Netsurion using the Netsurion integrator lambda function, which will in turn deliver logs to Netsurion from AWS. For an already-integrated AWS instance, make sure to update to ETS-AWS-LogForwarder v1.1.0 or above.

Once configured to deliver events to Netsurion Manager, the alerts, dashboards, and reports can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security Amazon ECR - Forced repository deletion detected This alert is triggered when an ECR repository is deleted which has images present in it.
Security Amazon ECR - High priority life-cycle policy added This alert is triggered when a high priority life-cycle policy is added to a repository which may override the existing policies.
Security Amazon ECR - Image scan disabled This alert is triggered when image scanning is changed from enabled to disabled for an ECR repository.
Security Amazon ECR - Image tag overwrite enabled This alert is triggered when image tagging is changed from immutable to mutable, which disables image overwrite protection.
Security Amazon ECR - Registry policy changes detected This alert is triggered when changes in critical registry policies are detected.
Security Amazon ECR - Repository policy changes detected This alert is triggered when changes in critical repository policies are detected.

Reports

Type Name Description
Security Amazon ECR - Repository-related activities This report will contain relevant information related to repositories in Amazon ECR.
Security Amazon ECR - Registry-related activities This report will contain relevant information related to registries in Amazon ECR.
Security Amazon ECR - Vulnerability scan This report shows relevant details related to the vulnerability scans performed by AWS when an image is pushed to an ECR repository.

Documentation

The configuration details are consistent with the Netsurion Open XDR platform version 9.3 and later, and ETS AWS LogForwarder.

Download Integration Guide and How-to Guide for more information and to configuration instructions.