
Remediate

You can fix risks identified in Spot Security using the remediation flow.

You can remediate the risks using:

Automatic Remediation from the Console

Set Up Auto Remediation

  1. In the left main menu, click Spot Security > Administration.

  2. Click the Auto Remediation tab and enable auto remediation. Only users with Organization Admin or Spot Connect Full Access can enable auto remediation.


  3. Onboard your account to Spot Connect:

    1. At the top of the Administration page, click the Spot Connect link in the message.

    2. Click Add Account and configure AWS in Spot Connect.

  4. You can give other users permissions for auto remediation:

    1. In Spot Connect, select the workspace Spot Security Auto Remediation.

    2. Go to Settings > Workspace Users.

    3. Update the permissions:

      • To onboard a new account to Spot Connect, select Integration Create/Edit.
      • To activate an individual rule in Spot Security, select Workflow Create/Edit.
      • To click Run Remediation in Spot Security, select Workflow Execute.
      • To delegate access management to other users, select Workspace Edit. These users must also have Organization Admin or Spot Connect Full Access.
    4. Click Update.

  5. Go to Spot Security > Administration > Auto Remediation.

  6. Turn on Activate for the rules you want to use auto remediation for.


Run Remediation for Eligible Rules with Failed Assets

  1. Go to the Risk Analysis Page and sort the list by the auto remediation column or filter on auto remediation: eligible.
  2. Click on the failed assets link for a security rule that is eligible.
  3. Select the eligible failed assets to remediate, and then click Actions > Run Remediation.
  4. You can select multiple risks to remediate, or click Add New to add one risk at a time.
  5. Click Remediate.

Recently Auto Remediated and Rollback

Once auto remediation starts, the asset is grayed out. If the remediation is successful, the asset still appears in the Failed Assets tab until the next scan removes it.

You can see the remediated risks in the Recently Auto Remediated tab. Roll back risks by selecting them and clicking Rollback.

You can only roll back risks where Operation Type is Auto Remediation and less than 72 hours have passed since they were fixed.


Select Show Failed Execution to see which auto remediation actions failed. You can add the Reason column to see more information about why it failed.


Remediate Manually

You can get to the manual Remediation page from:

  • Security Dashboard: click Remediate on a security rule.
  • Risk Analysis: click Remediate on a failed asset, and then click Remediation Steps.

Using CLI

Copy and paste the commands listed in Using AWS CLI. Replace the placeholder values with the actual asset details.

You can also edit the commands directly in the console before copying.


Using AWS Console

Follow the steps listed to remediate in the AWS Console.


Using Python

Copy the code from Using Python. Replace the placeholder values with the actual asset details.

You can also edit the commands directly in the console before copying.

In addition, you can write Lambda functions to automate remediation using the Python script. This lets Spot automate remediations of security issues.
