...

Table of Contents

General

...

What is CSPM?

Cloud Security Posture Management (CSPM) is a tool for monitoring a cloud environment and checking its configuration for compliance against a variety of mandates such as HIPAA or PCI DSS.

What can CSPM not do?

  • It does not currently provide incident response or automated remediation.

Who is this for?

Anyone interested in securing a cloud environment.

...

Documentation on the available mandates can be found here.

What is a policy?

A policy is a set of configuration checks that will assess different resources collected from your cloud account. A policy is made up of controls.

What is a control?

A control is a single configuration check. Each check applies to a specific service and resource type. Here are some examples:

  • MFA should be enabled for IAM console users - applies to the AWS IAM service and the IAM User resource

  • Password policy should enforce at least one upper case letter - applies to the AWS IAM service (account password policy)

  • Security group should not allow inbound access on port 22 from 0.0.0.0/0 - applies to the EC2/VPC services and the Security Group resource

What is a resource?

A resource is an entity that you can work with. Resources appear in CSPM if they are in scope of a control when a report is run. Examples include an Amazon EC2 instance, an IAM user, or a security group. Resource discovery requires the creation of a connector.

We support controls for the following AWS resources:

  • Auto Scaling Group

  • Directory

  • EBS Volume

  • EC2 Image

  • EFS

  • ES Domain

  • Firehose

  • IAM

  • IAM User

  • Instance

  • Internet Gateway

  • KMS Key

  • KMS Key Store

  • Lambda Function

  • Load Balancer

  • Memcached

  • Network ACL

  • RDS

  • Redis

  • Route 53

  • Route Table

  • S3 Bucket

  • Security Group

  • Subnet

  • VPC

We support controls for the following Azure resources:

  • Azure Active Directory

  • Function App

  • Key Vault

  • Kubernetes

  • Logging and Monitoring

  • MySQL Server

  • Network Security Group

  • Networking

  • PostgreSQL Server

  • Resource Group

  • Security Centre

  • Servers

  • SQL Server Database

  • Storage Accounts

  • Virtual Machine (virtual machines created using Resource Manager only)

  • Virtual Network

  • Web App (App Service)

We support controls for the following Google Cloud Platform (GCP) resources:

  • IAM & Admin

  • Logs Router

  • Logs-based metrics

  • Storage

  • Network

  • Firewall rules

  • Subnetwork

  • Cloud SQL - MySQL

  • Cloud SQL - SQL Server

  • Cloud SQL - PostgreSQL

  • Cloud Functions

  • VM Instances

  • Dataset

  • Table

  • Cloud DNS

Pass/Fail - In an interactive report, the Control Pass/Fail column displays the compliance status for a particular control.

Control Passed - Each control is applicable to a specific resource type. For each control, the applicable resources are collected and the control checks whether a particular attribute of each resource is configured as per best practice. The control passes when that attribute is found configured as desired on all of the applicable resources collected.

Control Failed - A control fails when the attribute being checked is not configured as desired on any one of the applicable resources collected.

Resource Passed - A resource passes a control if its attribute is configured as per the desired configuration in the control.

Resource Failed - A resource fails a control if its attribute is not configured as per the desired configuration in the control.
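The pass/fail rules above, worked through in code for the three example controls listed under "What is a control?". This is an added illustration written for this page, not CSPM product code: the resource attribute names, control identifiers and the sample inventory are all constructed, and the NOT_APPLICABLE status for a control that finds no applicable resources is the example's own choice (the page does not say what the product reports in that case).

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Resource:
    rid: str        # identifier, e.g. an ARN or security group id
    rtype: str      # resource type the control keys on
    attrs: dict     # attributes as collected from the cloud API (assumed names)


@dataclass
class Control:
    cid: str
    title: str
    rtype: str
    applies: Callable[[Resource], bool]   # narrows collected resources to the applicable ones
    check: Callable[[Resource], bool]     # True when the attribute matches the desired configuration


def _rule_reaches_port(rule: dict, port: int) -> bool:
    # protocol "-1" is the "all traffic" rule and covers every port
    if rule.get("protocol") == "-1":
        return True
    return rule.get("protocol") == "tcp" and rule["from_port"] <= port <= rule["to_port"]


def ssh_not_open_to_world(sg: Resource) -> bool:
    """Fails if any inbound rule reaches port 22 from 0.0.0.0/0 (or the IPv6 equivalent ::/0)."""
    for rule in sg.attrs.get("inbound", []):
        if rule.get("cidr") in ("0.0.0.0/0", "::/0") and _rule_reaches_port(rule, 22):
            return False
    return True


CONTROLS: List[Control] = [
    Control("IAM-1", "MFA should be enabled for IAM console users", "iam_user",
            applies=lambda u: u.attrs.get("console_access", False),   # users without a console password are out of scope
            check=lambda u: u.attrs.get("mfa_enabled", False)),
    Control("IAM-2", "Password policy should enforce an upper case letter", "password_policy",
            applies=lambda p: True,
            check=lambda p: p.attrs.get("require_uppercase", False)),
    Control("EC2-1", "Security group should not allow inbound port 22 from 0.0.0.0/0", "security_group",
            applies=lambda sg: True,
            check=ssh_not_open_to_world),
]


def evaluate(controls: List[Control], resources: List[Resource]) -> Dict[str, dict]:
    """Per control: overall status plus a PASS/FAIL verdict for every applicable resource."""
    report = {}
    for c in controls:
        applicable = [r for r in resources if r.rtype == c.rtype and c.applies(r)]
        per_resource = {r.rid: ("PASS" if c.check(r) else "FAIL") for r in applicable}
        if not applicable:
            status = "NOT_APPLICABLE"       # example's choice: do not report a vacuous pass
        elif all(v == "PASS" for v in per_resource.values()):
            status = "PASS"                 # desired configuration on all applicable resources
        else:
            status = "FAIL"                 # at least one applicable resource is misconfigured
        report[c.cid] = {"status": status, "resources": per_resource}
    return report


# Constructed sample inventory, not data from a real account.
SAMPLE_RESOURCES: List[Resource] = [
    Resource("alice", "iam_user", {"console_access": True, "mfa_enabled": True}),
    Resource("bob", "iam_user", {"console_access": True, "mfa_enabled": False}),
    Resource("ci-deployer", "iam_user", {"console_access": False, "mfa_enabled": False}),
    Resource("account-policy", "password_policy", {"require_uppercase": True}),
    Resource("sg-0a1b", "security_group",
             {"inbound": [{"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.0.0.0/8"}]}),
    Resource("sg-0c2d", "security_group",
             {"inbound": [{"protocol": "tcp", "from_port": 0, "to_port": 1024, "cidr": "0.0.0.0/0"}]}),
    Resource("sg-0e3f", "security_group",
             {"inbound": [{"protocol": "-1", "from_port": -1, "to_port": -1, "cidr": "::/0"}]}),
]

if __name__ == "__main__":
    for cid, result in evaluate(CONTROLS, SAMPLE_RESOURCES).items():
        print(cid, result["status"], result["resources"])
```

Two details worth noting. The port-22 check has to look at port ranges and the "all traffic" protocol, not just rules whose from_port is literally 22; a 0-1024 range from 0.0.0.0/0 fails the control just as a single-port rule does. And a control with zero applicable resources is reported separately rather than as a pass, because an empty collection is exactly what you see when the connector's permissions no longer allow it to list that resource type.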

Reports

...

How long are my reports retained?

Report data is kept for 13 months.

Why are reports restricted to being refreshed once per hour?

Due to limits on how often the Azure, AWS and GCP APIs can be accessed, refreshes are limited to one per hour in order to prevent access or security issues caused by too many API calls.

...

Remediation instructions depend on the resource type and are provided in the details of the report. For more information see the Remediation section in the Reports documentation.

After I remediate an issue, how do I see that update on my report?

...

Try refreshing the connector. If that does not work, ensure the permissions or role for the connector still exist in the cloud environment.

At what level are connectors created in the cloud environments?

They are created at the following levels:

  • AWS - account level

  • Azure - subscription level

  • GCP - project level

Resources

...

Why can't I see all of my resources in the Resources tab?

The Resources tab only shows resources that were evaluated by the controls of a given mandate while a report was being prepared. A resource that no report needed to evaluate is not included in the Resources tab.

Controls

...

Can I customize or disable controls?

That is not possible at this time.

Data Lake

...

What is a data lake?

A centralized repository that allows storage of structured and unstructured data. In this case it is used to store all data related to CSPM.

...

The data lake can be used to see changes over time to reports, examine data related to specific controls or resources, or create visualizations.
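A concrete illustration of "changes over time", added for this page and not taken from the product: the table layout below is an assumption standing in for whatever schema the real data lake uses, and the rows are constructed. It shows why a per-run fail count on its own is not enough; the count can stay flat from one report to the next while individual resources regress and others are fixed.

```python
import sqlite3
from typing import Dict, List, Tuple

# Assumed layout, not the product's actual data-lake schema: one row per
# (report run, control, resource) verdict.
SCHEMA = """
CREATE TABLE control_results (
    run_time    TEXT NOT NULL,   -- ISO 8601 timestamp of the report run
    control_id  TEXT NOT NULL,
    resource_id TEXT NOT NULL,
    status      TEXT NOT NULL CHECK (status IN ('PASS', 'FAIL'))
);
"""

RUN_1 = "2024-01-01T00:00:00Z"
RUN_2 = "2024-01-02T00:00:00Z"

# Constructed rows: two runs of the same port-22 security-group control.
SAMPLE_ROWS = [
    (RUN_1, "EC2-1", "sg-1", "PASS"),
    (RUN_1, "EC2-1", "sg-2", "FAIL"),
    (RUN_1, "EC2-1", "sg-3", "PASS"),
    (RUN_1, "EC2-1", "sg-5", "FAIL"),
    (RUN_2, "EC2-1", "sg-1", "PASS"),
    (RUN_2, "EC2-1", "sg-2", "PASS"),   # fixed since the first run
    (RUN_2, "EC2-1", "sg-3", "FAIL"),   # regressed since the first run
    (RUN_2, "EC2-1", "sg-4", "FAIL"),   # new resource, failing from the start
    # sg-5 is absent from the second run: deleted, or no longer in scope
]


def load_sample() -> sqlite3.Connection:
    """Build an in-memory copy of the assumed table from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO control_results VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def control_trend(conn: sqlite3.Connection, control_id: str) -> List[Tuple[str, int, int]]:
    """(run_time, failing resources, resources evaluated) for each run, oldest first."""
    cur = conn.execute(
        "SELECT run_time, SUM(status = 'FAIL'), COUNT(*) "
        "FROM control_results WHERE control_id = ? "
        "GROUP BY run_time ORDER BY run_time",
        (control_id,),
    )
    return [(run, int(failed), int(total)) for run, failed, total in cur]


def verdicts(conn: sqlite3.Connection, control_id: str, run_time: str) -> Dict[str, str]:
    """resource_id -> PASS/FAIL for one control in one report run."""
    cur = conn.execute(
        "SELECT resource_id, status FROM control_results WHERE control_id = ? AND run_time = ?",
        (control_id, run_time),
    )
    return dict(cur.fetchall())


def drift(conn: sqlite3.Connection, control_id: str, earlier: str, later: str) -> Dict[str, List[str]]:
    """Resources whose verdict changed between two runs, bucketed by what happened."""
    before = verdicts(conn, control_id, earlier)
    after = verdicts(conn, control_id, later)
    out: Dict[str, List[str]] = {"regressed": [], "fixed": [], "new_failing": [], "gone": []}
    for rid in sorted(set(before) | set(after)):
        b, a = before.get(rid), after.get(rid)
        if b == "PASS" and a == "FAIL":
            out["regressed"].append(rid)
        elif b == "FAIL" and a == "PASS":
            out["fixed"].append(rid)
        elif b is None and a == "FAIL":
            out["new_failing"].append(rid)
        elif a is None:
            out["gone"].append(rid)      # no longer evaluated: check whether it was really removed
    return out


if __name__ == "__main__":
    conn = load_sample()
    for run, failed, total in control_trend(conn, "EC2-1"):
        print(f"{run}: {failed}/{total} failing")
    print(drift(conn, "EC2-1", RUN_1, RUN_2))
```

Both runs report two failing resources out of four, so a trend chart of the fail count would show nothing. The per-resource diff shows one regression, one fix, one new failing resource and one resource that silently dropped out of the report, which is the set of things an operator actually needs to follow up on.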