Find unused firewall rules in AWS
Does anyone know how to do a query on finding unused firewall rules in AWS security groups - ones that are not receiving any hits?
Hey Mike,
This forum post might be helpful here:
https://stackoverflow.com/questions/24685508/how-to-find-unused-amazon-ec2-security-groups
I appreciate the response, but that post only shows how to find unused security groups. I am looking for unused security rules within the groups.
Since my initial post and the first response, I have been using a 3rd party app, which is not very good, so I am still looking for a better solution. What I am trying to find is a list of security rules within active security groups that had no activity (passed or denied traffic) within some specified time range (such as the last 6 months). The assumption would be that if no traffic has hit that security rule in the last 6 months, then it might be a rule that is not needed and can be removed from the security group, improving security.
It is a common feature in most 3rd party firewalls to be able to show this type of information, but I have not seen any cloud provider provide this information with their cloud native security solutions. I have looked for 3rd party cloud tools, but the only one I found isn't any good, meaning I found a tool on the AWS marketplace called piasoft flowlogs, but it is too buggy and not reliable. So I am still wondering if anyone has created a query or app for Sumologic that can do this.
If I find something, I will post it here but if anyone else knows of a solution, please let me know.
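One way to approximate what the post above asks for, as an added example that is not part of the original thread and is not a Sumo Logic query: join VPC flow log records against the ingress rules of each security group and report rules that no ACCEPTed flow matched inside a time window. The security group rules, the ENI-to-group mapping and the flow log lines below are all constructed sample data; the rule labels (`ssh-office`, `rdp-legacy`, ...) are hypothetical and stand in for the rule ids AWS would give you. Flow logs only tell you an ENI accepted a packet, not which rule allowed it, so matching is done by protocol, destination port range and source CIDR, which is what a security group evaluates.

```python
import ipaddress
from collections import Counter

# Constructed sample ingress rules for two hypothetical security groups.
# "rule" is a report label standing in for the AWS rule id.
RULES = [
    {"group": "sg-aaa", "rule": "ssh-office", "proto": "tcp", "from": 22, "to": 22, "cidr": "203.0.113.0/24"},
    {"group": "sg-aaa", "rule": "https-any", "proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    {"group": "sg-aaa", "rule": "rdp-legacy", "proto": "tcp", "from": 3389, "to": 3389, "cidr": "198.51.100.0/24"},
    {"group": "sg-bbb", "rule": "dns-udp", "proto": "udp", "from": 53, "to": 53, "cidr": "10.0.0.0/8"},
    {"group": "sg-bbb", "rule": "all-internal", "proto": "-1", "from": 0, "to": 65535, "cidr": "10.0.0.0/8"},
]

# Constructed mapping of network interfaces to the groups attached to them
# (in a real account this comes from describe-network-interfaces).
ENI_GROUPS = {"eni-1": ["sg-aaa"], "eni-2": ["sg-bbb"]}

# IANA protocol numbers as they appear in the flow log "protocol" field.
PROTO_NUMBERS = {"tcp": 6, "udp": 17, "icmp": 1}

# Constructed VPC flow log records in the default 14-field format.
FLOW_LOGS = """\
2 123456789012 eni-1 203.0.113.7 10.0.1.5 51000 22 6 10 800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-1 198.51.100.9 10.0.1.5 52000 443 6 3 300 1700000100 1700000160 ACCEPT OK
2 123456789012 eni-1 192.0.2.4 10.0.1.5 53000 3389 6 1 40 1700000200 1700000260 REJECT OK
2 123456789012 eni-2 10.0.2.8 10.0.1.6 40000 53 17 2 120 1700000300 1700000360 ACCEPT OK
2 123456789012 eni-2 10.0.2.8 10.0.1.6 40001 8080 6 2 120 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-2 - - - - - - - 1700000400 1700000460 - NODATA
"""

FIELDS = ["version", "account", "eni", "srcaddr", "dstaddr", "srcport", "dstport",
          "protocol", "packets", "bytes", "start", "end", "action", "log_status"]


def parse_flow_log(text):
    """Parse default-format flow log lines; drop NODATA/SKIPDATA rows that carry no addresses."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK" or rec["srcaddr"] == "-":
            continue
        for key in ("srcport", "dstport", "protocol", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rule_matches(rule, rec):
    """True if an ingress flow falls inside the rule's protocol, destination port range and source CIDR."""
    if rule["proto"] != "-1":  # "-1" is the all-traffic rule: ports and protocol are ignored
        if PROTO_NUMBERS[rule["proto"]] != rec["protocol"]:
            return False
        if not (rule["from"] <= rec["dstport"] <= rule["to"]):
            return False
    return ipaddress.ip_address(rec["srcaddr"]) in ipaddress.ip_network(rule["cidr"])


def count_rule_hits(rules, records, eni_groups, since, until):
    """Count ACCEPTed flows in [since, until] per (group, rule); rules with no match stay at 0."""
    hits = Counter({(r["group"], r["rule"]): 0 for r in rules})
    for rec in records:
        if rec["action"] != "ACCEPT" or not (since <= rec["start"] <= until):
            continue
        groups = eni_groups.get(rec["eni"], [])
        for rule in rules:
            if rule["group"] in groups and rule_matches(rule, rec):
                hits[(rule["group"], rule["rule"])] += 1
    return dict(hits)


def unused_rules(rules, records, eni_groups, since, until):
    """Return (group, rule) pairs that no accepted flow matched in the window."""
    hits = count_rule_hits(rules, records, eni_groups, since, until)
    return sorted(key for key, n in hits.items() if n == 0)


if __name__ == "__main__":
    window = (1650000000, 1750000000)  # constructed epoch bounds for the review period
    recs = parse_flow_log(FLOW_LOGS)
    for key, n in sorted(count_rule_hits(RULES, recs, ENI_GROUPS, *window).items()):
        print(f"{key[0]} {key[1]:<14} hits={n}")
    print("candidates for removal:", unused_rules(RULES, recs, ENI_GROUPS, *window))
```

Two caveats apply to the approach itself: a flow that overlaps several rules (here the UDP/53 flow matches both `dns-udp` and `all-internal`) is credited to all of them, so a broad rule can mask whether a narrower one is still needed; and REJECT records are deliberately ignored, since security groups have no deny rules and a rejected packet tells you nothing about which allow rule is in use. Run it over the full retention window before trusting a zero count, and treat the result as a review list rather than a delete list.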