| Table of Contents |
|---|
Compliance In AMP
...
In the Armor Management Portal (AMP), clicking the COMPLIANCE section link in the left hand navigation will take you to Compliance > Cloud-Posture. From here, CSPM provides a series of dashboards visible under three tabs:
...
Users can also filter by provider type if a connector has been configured for that particular provider.
...
Resources
The resources tab is a summary of all resources (AWS, Azure, GCP) that were discovered across all created reports. This tab shows a summary of controls and resources and a list of all resources discovered. Clicking on the name of the resource will open a modal showing the controls associated with that resource and additional details. This allows viewing of all failing controls (or passing) for a given resource across multiple reports.
...
Resource List
The tab is divided into two sections: a summary section and the resource list table.
...
The summary section gives you totals across all the resources on this page. As filters are applied, the summary statistics are updated.
Controls Failed - total number of failed controls across all resources
Controls Passed - total number of passing controls across all resources
Total Resources - total number of resources discovered
Accounts Monitored - total number of accounts with connectors configured
To the right of the filters there are three dots. Clicking those allows columns to be removed from the view. The name column cannot be removed from the view.
...
The resource list has the following columns:
Type - resource type based on cloud provider (instance, load balancer, s3 function, etc.)
Name - name of resource in cloud provider
Cloud Account Id - account id the resource belongs to
Last Found - timestamp of the most recent report containing this resource
Date Discovered - first time this resource was discovered
Failed - total number of failed controls for this resource
The list of resources and associated data can be exported to CSV format on the bottom left of the page.
...
Upon clicking the name of a resource, the controls evaluated modal will display. This shows all the controls across across all reports for the named resource. The information section at the top lists the same details as the main resource page: type, cloud account id, last found, date discovered and region. As filters are applied, the summary statistics are updated.
...
There are a set of filters as well as a search bar for the list. Searching works with the control and report columns. Filters can be applied to the Result or Report columns. This allows for narrowing down the data in a number of useful ways. For instance, a specific control, report and result.
The list section of the resource details modal contains:
Control - the control the resource was evaluated against
CID - this is the control id number for the report
Remediation Steps - links to the remediation steps for the control
Report - the report the control belongs to
Date Evaluated - the date the control was last evaluated
Severity - security risk associated with the control
Result - was the control passed or failed
At the bottom of the resource detail modal the list of controls and associated data can be exported to CSV. Due to the large volume of information, exporting is limited to the current selection. Setting page size to 100 allows for the maximum sized export.
...
The connector can be in one of three four states.
Online - The connector is working.
Pending - The connector was just created and we are waiting for a status updateawaiting confirmation that Qualys can connect to the account.
Refreshing - The connection was refreshed and is awaiting confirmation that Qualys can connect to the account.
Offline - The connection is not working. This could be because the permission was removed on the cloud environment side or a service interruption has occurred on the Qualys or provider side. Examples being:
AWS, GCP or Azure has a service outage.
Qualys has a service outage.
A role or permission was removed from the provider (AWS, GCP or Azure).
Policies
...
| Note |
|---|
In the event that a connector is stuck in pending or offline please follow the troubleshooting documentation. It is important that users do not simply attempt to delete and re-add a connector to resolve a bad state, as billing is determined by each active connection. |
Policies
...
The policies page displays the various policies that exist and what controls those policies contain. Mandates may include one or more policies and thus the controls in each of those policies. Policies are not editable and there is no configuration done on this page.
...
Creating a report for PCI DSS using the API
Example workflow for setting up a report to do PCI scanning for an AWS cloud environment via the API. Example calls are available in the API docs.
API Calls:
...
Armor's AWS account number and an external id will be needed. Both are used in creating the ARN Role. Hit the following endpoint to get the account number and external id
The external id and Role ARN will be needed for the next step as well.
POST Create a connector - /cspm/connector
GET List connectors - /cspm/connector
Validate that the connector shows in the list and was successfully added.
Ensure the connector is On (This may take a few minutes after creation).
Get the connector id or ids for use in the next step.
POST Create report configuration - Create the desired report for the cloud environment.
GET Report details - Get the report data (results)