|
1 | 1 | ---
|
2 |
| -title: Manage secrets with agentless secret scanning |
| 2 | +title: Manage secrets with agentless secret scanning (preview) |
3 | 3 | description: Learn how to scan your servers for secrets with Defender for Server's agentless secret scanning.
|
4 | 4 | ms.topic: overview
|
5 |
| -ms.date: 07/18/2023 |
| 5 | +ms.date: 08/15/2023 |
6 | 6 | ---
|
7 | 7 |
|
8 |
| -# Manage secrets with agentless secret scanning |
| 8 | +# Manage secrets with agentless secret scanning (preview) |
9 | 9 |
|
10 | 10 | Attackers can move laterally across networks, find sensitive data, and exploit vulnerabilities to damage critical information systems by accessing internet-facing workloads and exploiting exposed credentials and secrets.
|
11 | 11 |
|
12 | 12 | Defender for Cloud's agentless secret scanning for Virtual Machines (VM) locates plaintext secrets that exist in your environment. If secrets are detected, Defender for Cloud can assist your security team to prioritize and take actionable remediation steps to minimize the risk of lateral movement, all without affecting your machine's performance.
|
13 | 13 |
|
14 | 14 | By using agentless secret scanning, you can proactively discover the following types of secrets across your environments:
|
15 | 15 |
|
16 |
| -- **Insecure SSH private keys** - supports RSA algorithm for PuTTy files, PKCS#8 and PKCS#1 standards |
17 |
| -- **Plaintext Azure SQL connection strings** - supports SQL PAAS |
18 |
| -- **Plaintext Azure storage account connection strings** |
19 |
| -- **Plaintext Azure storage account SAS tokens** |
20 |
| -- **Plaintext AWS access keys** |
21 |
| -- **Plaintext AWS RDS SQL connection string** -supports SQL PAAS |
| 16 | +- **Insecure SSH private keys (Azure, AWS, GCP)** - supports RSA algorithm for PuTTy files, PKCS#8 and PKCS#1 standards |
| 17 | +- **Plaintext Azure SQL connection strings (Azure, AWS)** - supports SQL PAAS |
| 18 | +- **Plaintext Azure storage account connection strings (Azure, AWS)** |
| 19 | +- **Plaintext Azure storage account SAS tokens (Azure, AWS)** |
| 20 | +- **Plaintext AWS access keys (Azure, AWS)** |
| 21 | +- **Plaintext AWS RDS SQL connection string (Azure, AWS)** -supports SQL PAAS |
22 | 22 |
|
23 | 23 | In addition to detecting SSH private keys, the agentless scanner verifies whether they can be used to move laterally in the network. Keys that we didn't successfully verify are categorized as **unverified** in the **Recommendation** pane.
|
24 | 24 |
|
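Review bot: the new cloud tags on lines 16-21 never say what the parenthetical means, and the reader has two plausible readings: the cloud the scanned machine runs in, or the cloud the secret grants access to ("Plaintext AWS access keys (Azure, AWS)" reads oddly under the second). Add one sentence before the list, for example "The clouds in parentheses are the platforms whose machines are scanned for that secret type", so the GCP-only-for-SSH-keys restriction is unambiguous. While these lines are being touched, line 21 still has "-supports SQL PAAS" with no space after the hyphen (line 17 has the space), "PAAS" should be "PaaS" and "PuTTy" on line 16 should be "PuTTY". Also, "(preview)" is added to the title on lines 2 and 8 but the description on line 3 and the body carry no preview wording, so the change is incomplete unless the preview note lives elsewhere.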
@@ -68,6 +68,12 @@ Agentless secret scanning for AWS instances supports the following attack path s
|
68 | 68 |
|
69 | 69 | - `Vulnerable EC2 instance has insecure secrets that are used to authenticate to an AWS RDS server`.
|
70 | 70 |
|
| 71 | +### GCP instances supported attack path scenarios |
| 72 | + |
| 73 | +Agentless secret scanning for GCP VM instances supports the following attack path scenarios: |
| 74 | + |
| 75 | +- `Exposed Vulnerable GCP VM instance has an insecure SSH private key that is used to authenticate to a GCP VM instance`. |
| 76 | + |
71 | 77 | **To investigate secrets with Attack path**:
|
72 | 78 |
|
73 | 79 | 1. Sign in to the [Azure portal](https://portal.azure.com).
|
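Review bot: the scenario text on line 75, "Exposed Vulnerable GCP VM instance has an insecure SSH private key that is used to authenticate to a GCP VM instance", capitalizes "Vulnerable" mid-sentence, unlike the AWS scenario on line 69 where the word is capitalized only because it opens the sentence; use "Exposed vulnerable GCP VM instance" for consistency. The single SSH-key scenario is consistent with GCP appearing only on the SSH private key line of the supported-secrets list, which is good; consider stating explicitly that GCP coverage is limited to SSH keys so readers do not expect storage or SQL attack paths here.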
@@ -101,6 +107,7 @@ If a secret is found on your resource, that resource triggers an affiliated reco
|
101 | 107 | - **Azure resources**: `Machines should have secrets findings resolved`
|
102 | 108 |
|
103 | 109 | - **AWS resources**: `EC2 instances should have secret findings resolved`
|
| 110 | + - **GCP resources**: `VM instances should have secret findings resolved` |
104 | 111 |
|
105 | 112 | :::image type="content" source="media/secret-scanning/recommendation-findings.png" alt-text="Screenshot that shows either of the two results under the Remediate vulnerabilities security control." lightbox="media/secret-scanning/recommendation-findings.png":::
|
106 | 113 |
|
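Review bot: line 110 is indented one space and is not separated from the AWS item on line 109 by a blank line, while lines 107 and 109 are flush-left with a blank line between them; as written the GCP item renders inconsistently with its siblings (and may be treated as a continuation of the previous list item by some Markdown renderers). Drop the leading space and add the blank line. The screenshot alt text on line 112, "shows either of the two results", is now stale with three recommendations listed; update it (or the screenshot) to reflect the GCP recommendation.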
@@ -130,9 +137,9 @@ The [cloud security explorer](concept-attack-path.md#what-is-cloud-security-expl
|
130 | 137 |
|
131 | 138 | 1. Select one of the following templates:
|
132 | 139 |
|
133 |
| - - **VM with plaintext secret that can authenticate to another VM** - Returns all Azure VMs or AWS EC2 instances with plaintext secret that can access other VMs or EC2s. |
134 |
| - - **VM with plaintext secret that can authenticate to a storage account** - Returns all Azure VMs or AWS EC2 instances with plaintext secret that can access storage accounts. |
135 |
| - - **VM with plaintext secret that can authenticate to a SQL database** - Returns all Azure VMs or AWS EC2 instances with plaintext secret that can access SQL databases. |
| 140 | + - **VM with plaintext secret that can authenticate to another VM** - Returns all Azure VMs, AWS EC2 instances, or GCP VM instances with plaintext secret that can access other VMs or EC2s. |
| 141 | + - **VM with plaintext secret that can authenticate to a storage account** - Returns all Azure VMs, AWS EC2 instances, or GCP VM instances with plaintext secret that can access storage accounts. |
| 142 | + - **VM with plaintext secret that can authenticate to a SQL database** - Returns all Azure VMs, AWS EC2 instances, or GCP VM instances with plaintext secret that can access SQL databases. |
136 | 143 |
|
137 | 144 | If you don't want to use any of the available templates, you can also [build your own query](how-to-manage-cloud-security-explorer.md) on the cloud security explorer.
|
138 | 145 |
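Review bot: lines 141 and 142 now say the storage-account and SQL templates return "GCP VM instances with plaintext secret", but the supported-secrets list earlier in this same change marks storage account connection strings, SAS tokens and SQL connection strings as supported for Azure and AWS only, and the new GCP attack path section lists only the SSH-key scenario. One of the two needs reconciling: either GCP belongs on those secret types too, or lines 141 and 142 should not claim GCP results. Separately, line 140 still ends with "can access other VMs or EC2s" after adding GCP sources; the target list should also name GCP VM instances, and all three lines read better as "with a plaintext secret".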
|
|