Skip to content

[8.16] Updates CSPM guides to include agentless option #5863

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 17 commits into from
Nov 11, 2024
Merged

[8.16] Updates CSPM guides to include agentless option #5863

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
69742e6
Updates AWS CSPM guides to include agentless option
benironside Sep 26, 2024
99c8b64
Creates placeholder for agentless integrations page
benironside Oct 2, 2024
b9a2f29
Update docs/cloud-native-security/cspm-get-started-aws.asciidoc
benironside Oct 2, 2024
02551f8
Update docs/serverless/cloud-native-security/cspm-get-started.mdx
benironside Oct 2, 2024
99d6284
Update docs/cloud-native-security/cspm-get-started-aws.asciidoc
benironside Oct 2, 2024
a9dbee8
Update docs/serverless/cloud-native-security/cspm-get-started.mdx
benironside Oct 2, 2024
fbcda4b
minor update
benironside Oct 2, 2024
75a273f
Adds agentless options to CSPM docs
benironside Oct 11, 2024
d45719b
Expand steps within the relevant sections
benironside Oct 22, 2024
8a76391
Adds serverless updates
benironside Oct 24, 2024
952df1f
Merge branch 'main' into 5606-cspm-agentless-onboard-beta
benironside Oct 28, 2024
6084b21
Merge branch 'main' into 5606-cspm-agentless-onboard-beta
benironside Oct 31, 2024
c97db47
Apply suggestions from code review
benironside Nov 1, 2024
3b81925
Merge branch 'main' into 5606-cspm-agentless-onboard-beta
benironside Nov 1, 2024
5760f6d
Merge branch 'main' into 5606-cspm-agentless-onboard-beta
colleenmcginnis Nov 6, 2024
24b1b7b
update serverless asciidoc files instead of mdx files
colleenmcginnis Nov 6, 2024
9b0f464
polishes serverless versions
benironside Nov 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions docs/cloud-native-security/cspm-get-started-aws.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,15 +38,19 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en
. Click *Add Cloud Security Posture Management (CSPM)*.
. Select *AWS*, then either *AWS Organization* to onboard multiple accounts, or *Single Account* to onboard an individual account.
. Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`.
. beta:[] (Optional) Click **Advanced settings** to deploy the integration using agentless technology.



[discrete]
[[cspm-set-up-cloud-access-section]]
== Set up cloud account access
The CSPM integration requires access to AWSs built-in https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor[`SecurityAudit` IAM policy] in order to discover and evaluate resources in your cloud account. There are several ways to provide access.
The CSPM integration requires access to AWS's built-in https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor[`SecurityAudit` IAM policy] in order to discover and evaluate resources in your cloud account. There are several ways to provide access.

For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below.

NOTE: beta:[] Agentless deployments support two authentication methods: <<cspm-use-temp-credentials, temporary keys>> and <<cspm-use-keys-directly, direct access keys>>.

[discrete]
[[cspm-set-up-cloudformation]]
=== CloudFormation (recommended)
Expand Down Expand Up @@ -208,7 +212,7 @@ image::images/cspm-aws-auth-3.png[The EC2 page in AWS, showing the Modify IAM ro
.. Click *Update IAM role*.
.. Return to {kib} and <<cspm-finish-manual, finish manual setup>>.

IMPORTANT: Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in {kib}, in the *Setup Access* section, select *Assume role* and leave *Role ARN* empty. Click *Save and continue*.
IMPORTANT: Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in {kib}, in the *Setup Access* section, select *Assume role*. Leave **Role ARN** empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click *Save and continue*.

[discrete]
[[cspm-use-keys-directly]]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@smriti0321 I think there are a few callouts or troubleshooting guide for missing regarding Agentless Onboarding.

  • Once agentless integration has been created, then the status column which takes a few refreshes to see the updated agent count. A callout message talking about the agentless deployment experience taking a minute or two before agent is enrolled and/or ingesting data could be useful here.
  • Customer enters the wrong credentials with deployed agent. Maybe guide the customer through that experience to rectify an issue with the Edit Flow or restarting with the deletion flow then creation flow again.
  • Agent is offline or unhealthy then inform customer can still access fleets agents page or explore errors in Logs Explorer.
  • Deletion flow - warn the customer that deletion will remove resources and stop data ingestion
  • Changing the fleet server will cause breaking changes. @smriti0321 See comment.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great inputs @Omolola-Akinleye
@benironside is it possible to cover these in the FAQ for CSPM or you recommend any other place for troubleshooting agentless integrations?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the FAQ seems like a good option. Let's cover this in our next sync

Expand All @@ -222,7 +226,7 @@ IMPORTANT: You must select *Programmatic access* when creating the IAM user.
[discrete]
[[cspm-use-temp-credentials]]
=== Option 3 - Temporary security credentials
You can configure temporary security credentials in AWS to last for a specified duration. They consist of an access key ID, a secret access key, and a security token, which is typically found using `GetSessionToken`.
You can configure temporary security credentials in AWS to last for a specified duration. They consist of an access key ID, a secret access key, and a session token, which is typically found using `GetSessionToken`.

Because temporary security credentials are short term, once they expire, you will need to generate new ones and manually update the integration's configuration to continue collecting cloud posture data. Update the credentials before they expire to avoid data loss.

Expand Down
3 changes: 3 additions & 0 deletions docs/getting-started/agentless-integrations.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
[[agentless-integrations]]
= Agentless integrations

1 change: 1 addition & 0 deletions docs/getting-started/index.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ include::security-ui.asciidoc[leveloffset=+1]
include::ingest-data.asciidoc[leveloffset=+1]
include::threat-intel-integrations.asciidoc[leveloffset=+2]
include::automatic-import.asciidoc[leveloffset=+2]
include::agentless-integrations.asciidoc[leveloffset=+2]

include::security-spaces.asciidoc[leveloffset=+1]

Expand Down
12 changes: 10 additions & 2 deletions docs/serverless/cloud-native-security/cspm-get-started.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,14 +41,22 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en
1. Click **Add Cloud Security Posture Management (CSPM)**.
1. Select **AWS**, then either **AWS Organization** to onboard multiple accounts, or **Single Account** to onboard an individual account.
1. Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`.
1. <DocBadge template="beta" /> (Optional) Click **Advanced settings** to deploy the integration using agentless technology.


<div id="cspm-set-up-cloud-access-section"></div>

## Set up cloud account access
The CSPM integration requires access to AWSs built-in [`SecurityAudit` IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor) in order to discover and evaluate resources in your cloud account. There are several ways to provide access.
The CSPM integration requires access to AWS's built-in [`SecurityAudit` IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor) in order to discover and evaluate resources in your cloud account. There are several ways to provide access.

For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below.

<DocCallOut title="Note">
<DocBadge template="beta" /> Agentless deployments support two authentication methods:
<DocLink slug="/serverless/security/cspm-get-started" section="option-2-direct-access-keys">Direct access keys</DocLink> and <DocLink slug="/serverless/security/cspm-get-started" section="option-3-temporary-security-credentials">Temporary keys</DocLink>.
</DocCallOut>


<div id="cspm-set-up-cloudformation"></div>

### CloudFormation (recommended)
Expand Down Expand Up @@ -222,7 +230,7 @@ Follow AWS's [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/lates
1. Return to ((kib)) and <DocLink slug="/serverless/security/cspm-get-started" section="finish-manual-setup">finish manual setup</DocLink>.

<DocCallOut title="Important" color="warning">
Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in Kibana, in the **Setup Access** section, select **Assume role** and leave **Role ARN** empty. Click **Save and continue**.
Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in Kibana, in the **Setup Access** section, select **Assume role**. Leave **Role ARN** empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click **Save and continue**.
</DocCallOut>

<div id="cspm-use-keys-directly"></div>
Expand Down
Loading