CTS-AI has been merged with Samurai XDR and is no longer supported.

AWS Maintenance

The following is a step-by-step tutorial on how to maintain the AWS service after enrollment.

When the CTS detects a threat, it adds the malicious host to both the inbound and outbound rules of the network ACL. On the free tier, 'Starter', up to 18 entries are stored. After 18 entries the list is full and the CTS cannot add any more to it. This is a limitation of AWS's own service, not of the CTS.

On our paid subscription models, once all 18 slots have been used up, the CTS starts deleting the oldest entries to make space for newer ones. Once again, the total of 18 entries is a limitation of the AWS service.

In either case, we recommend monitoring the ACL and automating a perimeter firewall to ingest the offending IP addresses, so that a block is not lost when its ACL entry is overwritten or purged.

  • If you are on our free tier, you can purge the ACL entries by navigating to VPC / Network ACLs. Select the ACL named 'CTS Active Response', click on 'Inbound rules' and then on 'Edit inbound rules'.
    (Screenshot: purge ACL entries)
  • Here, you can delete rules 1 through 18. Do not delete rule number 32757. If you do so, you will BLOCK all traffic to all assigned networks.
  • Click on 'Save changes' once you have deleted rules 1 through 18.
  • Repeat this process for 'Outbound rules'.
    (Screenshot: save changes to inbound rules)
  • Finally, edit the two tags named 'LastIdIngress' and 'LastIdEgress'. Click on 'Manage tags'.
    (Screenshot: edit the final tags)
  • Change the value of 'LastIdIngress' and 'LastIdEgress' to 0. Click on 'Save'.
    (Screenshot: set tags to 0)
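The same purge can be scripted with the AWS CLI. The script below is an added example, not part of this tutorial or of the CTS product; it assumes the CTS entries occupy rule numbers 1 to 18 as described above, that the ACL id is supplied by the operator (the name and the tag keys are taken from the steps above), and that AWS credentials and region come from the environment. Before wiping the ACL it prints the CIDRs currently held in rules 1 to 18 so they can be handed to the perimeter firewall.

```shell
#!/bin/sh
# Added example: automates the manual purge described in this tutorial.
# Deletes CTS rules 1-18 from both the inbound and outbound side of the ACL,
# then resets the LastIdIngress/LastIdEgress tags to 0. Rule numbers above 18
# (including the 32757 catch-all rule) are never touched.
# AWS can be overridden (AWS=echo) to print the commands instead of running them.
AWS="${AWS:-aws}"
CTS_MAX_RULE=18

# Print the CIDRs currently held in rules 1-18 (both directions) so they can be
# ingested by a perimeter firewall before the ACL entries are removed.
export_cts_entries() {
  acl_id="$1"
  "$AWS" ec2 describe-network-acls --network-acl-ids "$acl_id" \
    --query "NetworkAcls[0].Entries[?RuleNumber<=\`$CTS_MAX_RULE\`].[Egress,RuleNumber,CidrBlock]" \
    --output text
}

# Delete one rule; refuse anything outside 1..18. A rule that does not exist
# (free tier with fewer than 18 entries) is not treated as an error.
delete_cts_rule() {
  acl_id="$1"; direction="$2"; rule="$3"
  [ "$rule" -ge 1 ] && [ "$rule" -le "$CTS_MAX_RULE" ] || return 1
  "$AWS" ec2 delete-network-acl-entry --network-acl-id "$acl_id" \
    --rule-number "$rule" "--$direction" || true
}

# Purge both directions, then reset the counters the CTS uses for the next rule id.
purge_cts_acl() {
  acl_id="$1"
  for direction in ingress egress; do
    rule=1
    while [ "$rule" -le "$CTS_MAX_RULE" ]; do
      delete_cts_rule "$acl_id" "$direction" "$rule"
      rule=$((rule + 1))
    done
  done
  # create-tags overwrites existing values, so this sets both tags back to 0
  "$AWS" ec2 create-tags --resources "$acl_id" \
    --tags Key=LastIdIngress,Value=0 Key=LastIdEgress,Value=0
}

# Usage: CTS_ACL_ID=acl-xxxxxxxx sh purge_cts_acl.sh
if [ -n "${CTS_ACL_ID:-}" ]; then
  export_cts_entries "$CTS_ACL_ID"
  purge_cts_acl "$CTS_ACL_ID"
fi
```

Run it once with AWS=echo to review the exact commands before pointing it at a live ACL.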