Breaking News from AWS re:Invent
Coralogix receives AWS Rising Star award!
Security Posture Management (CSPM) helps to mitigate and minimize cloud data security breaches and to assess the overall posture of the entire cloud environment against best practices and compliance standards to help remediate issues.
CSPM tools verify that cloud configurations follow security best practices and compliance standards such as CIS, Azure, and GCP benchmarks as well as PCI and HIPAA frameworks. As companies are increasingly moving to the cloud, CSPM is becoming a necessary aspect of security insights.
The CSPM can be installed using a Docker container
Coralogix GRPC endpoints
Ireland | ng-api-grpc.coralogix.com |
Stockholm | ng-api-grpc.eu2.coralogix.com |
Singapore | ng-api-grpc.coralogixsg.com |
Mumbai | ng-api-grpc.app.coralogix.in |
United States | ng-api-grpc.coralogix.us |
For each installation method, we need to pass the following environment variables:
API_KEY | Under “Send your data” on your Coralogix account |
APPLICATION_NAME | Set the application name |
SUBSYSTEM_NAME | Set the subsystem name |
COMPANY_ID | The company ID from the settings screen in your Coralogix account |
CORALOGIX_ENDPOINT_HOST | Coralogix GRPC endpoint |
CLOUD_PROVIDER | The Cloud Provider that CSPM will be deployed into in lowercase (e.g. aws, gcp, etc) |
TESTER_LIST | If specified, will run the tests on the specified service, otherwise will run tests on all the GCP services. leave empty to run all testers, otherwise, comma separated per tester name without spaces |
REGION_LIST | If specified, will check only the specified regions (For global services like IAM and DNS, make sure you add region “global”). Otherwise, the tests will be conducted in all regions. leave empty to run on all regions, otherwise, comma separated per region name without spaces |
GOOGLE_APPLICATION_CREDENTIALS | Path to credentials file inside the container |
CORALOGIX_ALERT_API_KEY | (Optional parameter) Under “Alerts, Rules and Tags API Key” on your Coralogix account. When providing this variable, a custom enrichment for failed resources will be created in Coralogix’s account at the end of each run if specified |
Note that the instance type will affect the run time, so it’s up to a personal preference and is affected by the environment size.
After prerequisites are met, download the docker image using the following command (if the following command hasn’t run, the image will still be downloaded automatically in the next step):
docker pull coralogixrepo/snowbit-cspm
In order to automate the process, use Crontab in the following manner:
Create the crontab using your favorite editor
sudo crontab -e
Inside the document, on the bottom, paste the following one-liner (note that the API_KEY and the CORALOGIX_ENDPOINT_HOST fields are mandatory)
*/10 * * * * docker rm snowbit-cspm ; docker rmi coralogixrepo/snowbit-cspm:latest ; docker run --name snowbit-cspm -d -e PYTHONUNBUFFERED=1 -e CLOUD_PROVIDER="gcp" -e COMPANY_ID=<coralogix_company_ID> -e CORALOGIX_ENDPOINT_HOST="coralogix_grpc_endpoint" -e APPLICATION_NAME="application_name" -e SUBSYSTEM_NAME="subsystem_name" -e TESTER_LIST="" -e API_KEY="send_your_data_api_key" -e REGION_LIST="" -e GOOGLE_APPLICATION_CREDENTIALS="path_to_credentials_file_in_the_container" -v <local_folder_that_contains_gcp_credentials>:<location_to_map_the_credentials_inside_the_container> coralogixrepo/snowbit-cspm
Inside the security tab in your Coralogix account, you will find the SCAN SETTINGS button: