Note |
---|
Anchor Overview Overview
Overview | |
Overview |
You can use these instructions to sync your AWS account with your AMP account. Specifically, this action will sync your AMP account with AWS Security Hub where Armor will send security updates.
Note |
---|
Review Pre-Deployment Considerations
...
Before you configure your AMP and AWS account, review the following pre-deployment considerations:
Security Findings
When you sync your AMP account with AWS Security Hub, Armor will send the following information to AWS Security Hub:
Security data | Description | Number of security findings |
---|---|---|
Malware | In relation to malware, Armor communicates with AWS Security Hub on an hourly basis. If Armor detects a malware event, this information will be sent to AWS Security Hub within an hour. To learn more about Malware Protection, see Malware Protection. | The number of security findings is based on the number of virtual machines, as well as the security posture of those virtual machines. Malware is a seldom event, with only a couple events reported per day. |
Vulnerability Scanning | In relation to vulnerability scanning, Armor communicates with AWS Security Hub on a weekly basis. If Armor detects a vulnerability, this information will be sent to AWS Security Hub within a week. For vulnerabilities, Armor will only send vulnerabilities that are critical or high, based on the CVSS scoring structure. In these cases, Armor will only send vulnerabilities that contain a score of 5.5 or higher. To learn more about Vulnerability Scanning, see Vulnerability Scanning. | The number of security findings is based on the number of virtual machines, as well as the security posture of those virtual machines. For large enterprise customers, the number of vulnerabilities can range from 100 to 1,000 within a weekly time frame. |
Exchanging Account Information
To properly sync your AMP account with AWS, the Armor AWS Account will assume a role in your AWS account. To accomplish this, in AMP you will copy the Armor AWS account number and a unique external ID, and then paste into your AWS account. Afterwards, you will receive an AWS-generated ARN from the role, which you will then paste into AMP.
ASFF Types
The following table describes the ASFF-formatted finding types for the security finding that are sent to AWS Security Hub.
...
Anchor | ||||
---|---|---|---|---|
|
...
To complete these instructions, you must be able to access your AWS console.
Note |
---|
Step 1: Add your AWS account to AMP
- In the Armor Management Portal (AMP), in the left-side navigation, clickAccount.
- ClickCloud Connections.
- Click the plus ( + ) icon.
- In Account Name, enter a descriptive name.
- In Description, enter a short description.
- In Services,select the desired services.
- In IAM Role, copy theExternal ID. You will need this information at a later step.
- TheArmor's AWS Account Number andExternalIDfields are pre-populated.
- Access the AWS console.
- Under Security, Identity & Compliance, click IAM.
- In the left-side navigation, click Roles.
- Click Create role.
- Under Select role type, selectAnother AWS account.
- In Account ID, enter 679703615338.
- MarkRequire external ID.
- In field that appears,paste the External ID you copied earlier from the Armor Management Portal (AMP).
- Do not mark Require MFA.
- ClickNext: Permissions.
- Locate and mark the SecurityAudit policy.
- Locate and mark theAWSSecurityHubFullAccess policy.
- Click Next: Tags.
- ClickNext: Review.
- In Role name, enter a descriptive name.
- In Role description, enter a useful description.
- Click Create role.
- Locate and select the newly created role.
- UnderSummary, copy theRole ARNinformation.
- Return to the Cloud Connections screen in AMP.
- Paste theRole ARNinformation into the IAM Role ARN field.
- Click Save Cloud Connection.
- Once the newly added cloud connections gathers data, the instance will appear in the Virtual Machines screen.
...