Aqua Wave CSPM scans are composed of individual security checks called "plugins." Each plugin is named for the specific check it performs on a resource type, for example "AWS EC2 Security Group Open Ports" or "AWS S3 Bucket Public Access."


Introduction to Plugins

CSPM plugins are written to evaluate cloud provider API response data. Plugins interpret this data in the context of the security control being evaluated, any custom inputs or settings, and the account conditions, to produce scan results. Aqua Wave has over 400 plugins for its CSPM capability, which cover numerous services across all supported cloud providers.

Plugin Results

Each plugin produces one or more results mapped to a resource, where applicable. Plugin outputs include the following information:

  • Result - either "PASS," "WARN," "FAIL," or "UNKNOWN" representing the status of the finding
  • Region - the cloud provider region or location in which the finding occurred
  • Resource - the specific resource the finding impacts, if any, such as the S3 bucket ARN or compute instance ID
  • Message - an explanation of why the result was produced

You can read more about plugin results here.
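The following added sketch, which is not Aqua Wave or CloudSploit code, shows how a check of this kind can turn per-region API response data into results carrying the four fields listed above, including an UNKNOWN result when the API data could not be retrieved. The function name, the cache layout, the `sensitivePorts` input and the sample data are all assumptions made for illustration.

```javascript
// Illustrative sketch only: not the Aqua Wave or CloudSploit plugin API.
// Constructed sample data mimicking a per-region cache of API responses.
const sampleCache = {
  'us-east-1': { data: [
    { id: 'sg-0aaa', rules: [{ port: 22, cidr: '0.0.0.0/0' }] },
    { id: 'sg-0bbb', rules: [{ port: 443, cidr: '0.0.0.0/0' }] },
  ] },
  'eu-west-1': { data: [] },             // region with no security groups
  'ap-south-1': { err: 'AccessDenied' }, // the API call failed in this region
};

// Hypothetical check: flags security groups exposing sensitive ports to any address.
// settings.sensitivePorts is an assumed optional input that overrides the default list.
function openPortsPlugin(cache, settings = {}) {
  const ports = settings.sensitivePorts || [22, 3389];
  const results = [];
  const add = (result, region, resource, message) =>
    results.push({ result, region, resource, message });

  for (const [region, resp] of Object.entries(cache)) {
    if (!resp || resp.err || !Array.isArray(resp.data)) {
      // No usable data: the control cannot be evaluated, so never report PASS here.
      const reason = (resp && resp.err) || 'no data';
      add('UNKNOWN', region, null, `Unable to query security groups: ${reason}`);
      continue;
    }
    if (resp.data.length === 0) {
      // Region-level result: nothing to map the finding to, so resource is null.
      add('PASS', region, null, 'No security groups found');
      continue;
    }
    for (const sg of resp.data) {
      const open = sg.rules.filter(
        (r) => r.cidr === '0.0.0.0/0' && ports.includes(r.port));
      if (open.length > 0) {
        add('FAIL', region, sg.id,
          `Ports open to 0.0.0.0/0: ${open.map((r) => r.port).join(', ')}`);
      } else {
        add('PASS', region, sg.id, 'No sensitive ports open to 0.0.0.0/0');
      }
    }
  }
  return results;
}

console.log(openPortsPlugin(sampleCache));
```

Treating a failed API call as UNKNOWN rather than PASS keeps a permissions gap in the scanning role from being read as a clean result.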

Customizing Plugins

Plugins can be customized in several ways:

  • Suppressing their output so that results do not appear on scan reports (Read more)
  • Overriding their severity level (Read more)
  • Providing optional inputs to further customize the plugin behavior (Read more)

Contributing Plugins

If there are specific plugins or modifications to plugins you wish to see in Aqua Wave, you may contribute these changes via the open source project, CloudSploit by Aqua.