AWS Systems Manager - Get Missing Patches for EC2 Instances for given Hostname

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

The playbook can be triggered manually from a Host Entity to get the missing patches on a managed EC2 instance. This playbook performs the following actions: 1. Get the Hostname from the Host Entity. 2. Get the Instance ID from AWS EC2 for given Hostname. 3. Get the missing patches for the Instance ID. 4. Add the missing patches to the incident comment.

Attribute Value
Type Playbook
Solution AWS Systems Manager
Source View on GitHub

Additional Documentation

📄 Source: AWSSystemsManagerPlaybooks/AWS-SSM-GetInstancePatches-HostEntityTrigger/readme.md

AWS-SSM-GetInstancePatches-HostEntityTrigger

Summary

The playbook can be triggered manually from a Host Entity to get the missing patches on a managed EC2 instance. This playbook performs the following actions:

  1. Get the Hostname from the Host Entity.
  2. Get the Instance ID of Managed EC2 instance for given Hostname.
  3. Get the missing patches for the Instance ID.
  4. Add the missing patches to the incident comment.



Prerequisites

  1. Prior to the deployment of this playbook, AWS Systems Manager API Function App Connector needs to be deployed under the same subscription.
  2. Refer to AWS Systems Manager API Function App Connector documentation to obtain AWS Access Key ID, Secret Access Key and Region.

Deployment instructions

  1. To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
  2. Fill in the required parameters:
    • Playbook Name
    • Functions App Name

Deploy to Azure Deploy to Azure

Post-Deployment instructions

a. Authorize connections

Once deployment is complete, authorize each connection.

  1. Click the Microsoft Sentinel connection resource
  2. Click edit API connection
  3. Click Authorize
  4. Sign in
  5. Click Save
  6. Repeat steps for other connections

b. Assign Playbook Microsoft Sentinel Responder Role

  1. Select the Playbook (Logic App) resource
  2. Click on Identity Blade
  3. Choose System assigned tab
  4. Click on Azure role assignments
  5. Click on Add role assignments
  6. Select Scope - Resource group
  7. Select Subscription - where Playbook has been created
  8. Select Resource group - where Playbook has been created
  9. Select Role - Microsoft Sentinel Responder
  10. Click Save

c. Function App Settings Update Instructions

Refer to AWS Systems Manager API Function App Connector documentation for Function App Application Settings (Access Key ID, Secret Access Key and Region) update instruction.

References

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Playbooks · Back to AWS Systems Manager