Involves reviewing the database versions that are currently running and identifying whether there are any Critical CVEs for those versions.
Databases in use: RDS Postgres, RDS MySQL, RDS Aurora, Cassandra, Redshift, DynamoDB.
This task should scan all AWS accounts to get the list of RDS, Redshift and DynamoDB databases and the current versions they are running.
For Cassandra, this will require SSH to the instance to get the running version.
Once all the databases and their running versions are identified, these versions should be compared against the CVE database to see if there are any Critical or High vulnerabilities for the version.
If a Critical vulnerability is found, the output should be posted to the PCI-notification Slack channel (the channel still needs to be created).
Each month a new Jira ticket is automatically created with this task. I would like this task to be executable from Jenkins, with the results automatically closing the ticket with the details of all databases and versions running, which AWS account each is in, and the CVEs that are High or Critical for that database.
The Jenkins job should run on the 10th of each month, find the open ticket ID, and then close the ticket, adding the relevant information.
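As an added example (not part of this ticket or any existing job), a Python sketch of the inventory and CVE-matching steps above: `collect_account` enumerates RDS instances, RDS/Aurora clusters and Redshift clusters through a boto3 session (DynamoDB is fully managed and exposes no customer-visible engine version; the Cassandra SSH step is left out), and `find_findings` keeps only the High/Critical matches. The CVE record shape, the CVSS thresholds and the sample ids are assumptions; a real run would populate the list from the CVE database.

```python
from dataclasses import dataclass

HIGH, CRITICAL = 7.0, 9.0  # CVSS base-score thresholds for the ticket's "High or Critical"

@dataclass(frozen=True)
class DbVersion:
    account: str
    service: str    # "rds" or "redshift"; DynamoDB exposes no customer-visible version
    engine: str     # e.g. "postgres", "mysql", "aurora-postgresql"
    version: str    # as reported by the API, e.g. "14.7"
    identifier: str

def parse_version(v):  # '14.7' -> (14, 7); non-numeric parts like 'mysql_aurora' are dropped
    return tuple(int(p) for p in v.split(".") if p.isdigit())

def collect_account(session, account):
    """Enumerate RDS instances, RDS/Aurora clusters and Redshift clusters via a boto3 session."""
    out = []
    rds = session.client("rds")
    for page in rds.get_paginator("describe_db_instances").paginate():
        for db in page["DBInstances"]:
            out.append(DbVersion(account, "rds", db["Engine"], db["EngineVersion"], db["DBInstanceIdentifier"]))
    for page in rds.get_paginator("describe_db_clusters").paginate():
        for c in page["DBClusters"]:
            out.append(DbVersion(account, "rds", c["Engine"], c["EngineVersion"], c["DBClusterIdentifier"]))
    for page in session.client("redshift").get_paginator("describe_clusters").paginate():
        for c in page["Clusters"]:
            out.append(DbVersion(account, "redshift", "redshift", c["ClusterVersion"], c["ClusterIdentifier"]))
    return out

def find_findings(inventory, cves):
    """(db, cve_id, severity) for each High/Critical CVE whose affected range covers db.version."""
    hits = []
    for db in inventory:
        v = parse_version(db.version)
        for cve in cves:
            in_range = parse_version(cve["start"]) <= v < parse_version(cve["fixed"])
            if cve["engine"] == db.engine and in_range and cve["cvss"] >= HIGH:
                hits.append((db, cve["id"], "Critical" if cve["cvss"] >= CRITICAL else "High"))
    return hits

# Constructed sample data: placeholder CVE ids and ranges, not real advisories.
SAMPLE_CVES = [
    {"id": "CVE-0000-0001", "engine": "postgres", "start": "14.0", "fixed": "14.8", "cvss": 9.8},
    {"id": "CVE-0000-0002", "engine": "mysql", "start": "8.0.0", "fixed": "8.0.33", "cvss": 7.5},
    {"id": "CVE-0000-0003", "engine": "mysql", "start": "8.0.0", "fixed": "8.0.33", "cvss": 4.3},
]
SAMPLE_INVENTORY = [DbVersion("111111111111", "rds", "postgres", "14.7", "orders-db"),
                    DbVersion("111111111111", "rds", "postgres", "14.8", "billing-db"),
                    DbVersion("222222222222", "rds", "mysql", "8.0.32", "auth-db")]
```

For the Jenkins run, `collect_account` would be called once per account with a session assumed from that account's role, and the result of `find_findings` formatted into the ticket comment and, for Critical hits, the Slack message.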