Automatically send vulnerabilities to AWS

Overview

You can connect Helm to AWS to automatically send vulnerabilities from selected products based on the trigger rules you define. This integration enables you to export vulnerability data to your AWS S3 buckets for further analysis, compliance reporting, or integration with other AWS security services.

The AWS integration provides a flexible way to export vulnerability data from Helm to your AWS infrastructure. This is particularly useful for organizations that need to:

• Feed vulnerability data into AWS-based SIEM systems

• Create custom analytics dashboards using AWS services

• Maintain compliance audit trails in AWS

• Integrate with existing AWS security workflows

• Backup vulnerability data for long-term retention

What you'll need

Before getting started, ensure you have:

• AWS Account ID (12-digit identifier)

• IAM Role ARN with S3 permissions

• S3 bucket name for storing vulnerability data

Configure AWS integration

1. Provide your AWS account ID, Role ARN, and S3 bucket name, then click Continue.

2. Create or select the products and versions for which you'd like to send vulnerability data to AWS. You can always come back and configure this later.

3. Select the triggers for each version of each product. This will send vulnerability data to AWS based on those triggers, such as particular severity levels, exploit sources, new vulnerabilities, remediations, and more. You can always come back and configure this later.

   1. Trigger types will likely include the following, but specific trigger options will be detailed when the integration is released.

      • Severity-based triggers: Export vulnerabilities above certain severity thresholds

      • Exploit-based triggers: Export when exploit code becomes available

      • New vulnerability triggers: Export newly discovered vulnerabilities

      • Remediation triggers: Export when vulnerabilities are fixed or mitigated

      • Time-based triggers: Export vulnerabilities discovered within specific timeframes

4. For each selected product, provide the S3 path to store vulnerability data in. You can always come back and configure this later. but you'll need to provide these before the integration can be enabled.

5. Review your configuration and complete any necessary steps.

6. Click Deploy integration to activate the integration with AWS. Helm will validate connectivity to your S3 bucket.

Managing the integration

Once deployed, you can:

• Monitor exports: View export history and success rates in the AWS integration dashboard

• Modify configuration: Add or remove products, update triggers, change S3 paths

• Pause/Resume: Temporarily disable exports without losing configuration

Modify configuration

You can update your configuration at any time:

• Add or remove products and versions

• Modify trigger criteria

• Change S3 paths or bucket destinations

• Update AWS credentials or roles

Security considerations

• Data privacy: Only vulnerability metadata is exported - no sensitive application code or internal details are transmitted.

• Encryption: All data transmission uses AWS standard encryption in transit, with files stored using server-side encryption in S3.

• Access control: Access is controlled through your AWS IAM policies and S3 bucket permissions.

• Authentication: Secure authentication uses AWS IAM roles and policies.

Cost considerations

This integration will incur standard AWS charges for:

• S3 storage costs for vulnerability data

• S3 PUT requests for file uploads

• Data transfer costs (typically minimal)

Limitations

• One-way export: This integration only exports data from Helm to AWS - remediation actions must be performed in Helm

• S3 only: Currently supports S3 export only - other AWS services are not directly supported

• Trigger dependency: Data is only exported when configured triggers are met - historical data export is not automatic

• No real-time sync: Exports occur on a scheduled basis, not in real-time

Key features

• Automatic data export: Vulnerabilities are automatically sent from Helm to AWS S3 based on your configured triggers.

• Flexible triggers: Configure exports based on severity levels, exploit sources, new vulnerabilities, remediations, and more.

• Scheduled synchronization: Regular exports keep your AWS data current with minimal manual intervention.

• Custom S3 paths: Organize exported data using your preferred S3 bucket structure.

• Trigger-based export: Only export the vulnerability data you need based on your specific criteria.

Best practices

Organization:

• Use consistent S3 path naming conventions across products

• Group related products in similar path structures

• Implement S3 lifecycle policies for old vulnerability data

Trigger configuration:

• Start with broader triggers and refine based on data volume

• Configure appropriate trigger frequencies to avoid overwhelming S3

• Monitor trigger effectiveness and adjust as needed

AWS management:

• Regularly review AWS costs associated with S3 storage and requests

• Use S3 transfer acceleration for large data volumes

• Monitor S3 access logs for security purposes

Troubleshooting

Integration fails during setup:

• Verify AWS account ID and role ARN are correct

• Check IAM permissions include required S3 actions

• Ensure S3 bucket exists and is accessible

No data being exported:

• Review trigger configuration for your products

• Check if products have vulnerabilities matching your triggers

• Verify S3 paths are valid and don't conflict

Export failures:

• Monitor S3 bucket permissions and policies

• Check AWS service limits and quotas

• Verify network connectivity to AWS services