Panther Knowledge Base

How can I create a detection in Panther based on an EC2 event and retrieve security group attributes?

QUESTION

How can I create a detection in Panther based on an EC2 event and retrieve security group attributes?

ANSWER

To do this, you can use Panther's resource_lookup helper function to retrieve the most recent scan of the EC2 security groups. However, it can only retrieve the attributes that have been scanned. You can refer to Panther's EC2 SecurityGroup documentation for more information and an example of the included fields.
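
A sketch of such a detection, added here as an example and not taken from Panther's own rules: it reacts to a CloudTrail AuthorizeSecurityGroupIngress event, looks up the scanned security group and alerts if the scan shows ingress open to 0.0.0.0/0. Assumptions: the panther_aws_helpers import path, the security group ARN as the resource ID, and the scanned field names (IpPermissions, IpRanges, CidrIp) following the AWS API shape; the stub and sample event are constructed so the code runs outside Panther.

```python
try:
    from panther_aws_helpers import resource_lookup  # assumed import path inside Panther
except ImportError:
    # Constructed stand-in for Panther's stored scan results (offline use only).
    _SCANS = {
        "arn:aws:ec2:us-east-1:123456789012:security-group/sg-0123456789abcdef0": {
            "GroupId": "sg-0123456789abcdef0",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            ],
        }
    }

    def resource_lookup(resource_id):
        return _SCANS[resource_id]  # KeyError when the group was never scanned

# Constructed CloudTrail event, reduced to the fields the rule reads.
SAMPLE_EVENT = {
    "eventName": "AuthorizeSecurityGroupIngress",
    "awsRegion": "us-east-1",
    "recipientAccountId": "123456789012",
    "requestParameters": {"groupId": "sg-0123456789abcdef0"},
}

def security_group_arn(event):
    """Build the resource ID of the scanned group (assumed to be its ARN)."""
    group_id = (event.get("requestParameters") or {}).get("groupId")
    if not group_id:
        return None
    return (f"arn:aws:ec2:{event.get('awsRegion')}:"
            f"{event.get('recipientAccountId')}:security-group/{group_id}")

def open_ingress(group):
    """List (protocol, from_port, to_port) for scanned rules open to any IPv4 address."""
    return [(p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort"))
            for p in group.get("IpPermissions") or []
            if any(r.get("CidrIp") == "0.0.0.0/0" for r in p.get("IpRanges") or [])]

def rule(event):
    if event.get("eventName") != "AuthorizeSecurityGroupIngress":
        return False
    arn = security_group_arn(event)
    if arn is None:
        return False
    try:
        group = resource_lookup(arn)
    except Exception:  # no scan stored for this group: nothing to evaluate
        return False
    return bool(open_ingress(group))
```

Because the lookup returns the most recent scan, the attributes it yields may predate the change recorded in the triggering event.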