Our next-gen architecture is built to help you make sense of your ever-growing data Watch a 4-min demo video!

Back to All Docs

Cloud Security Posture Management (CSPM) Cloud Security Posture Management (CSPM)

Last Updated: Aug. 14, 2022

Cloud Security Posture Management (CSPM) helps to mitigate and minimize cloud data security breaches and to assess the overall posture of the entire cloud environment against best practices and compliance standards to help remediate issues.

CSPM tools verify that cloud configurations follow security best practices and compliance standards such as CIS, Azure, and GCP benchmarks as well as PCI and HIPAA frameworks. As companies are increasingly moving to the cloud, CSPM is becoming a necessary aspect of security insights.

The CSPM can be installed using the following methods:

  1. Docker container
  2. Kubernetes cron job
  3. Helm chart

For each installation method, we need to pass the following environment variables:

API_KEYUnder “Send your data” on your Coralogix account
APPLICATION_NAMESet the application name
SUBSYSTEM_NAMESet the subsystem name
CORALOGIX_ENDPOINT_HOSTCoralogix GRPC endpoint
TESTER_LISTIf specified, will run the tests on the specified service, otherwise will run tests on all the AWS services
REGION_LISTIf specified, will check only the specified regions (For global services like AWS S3, IAM and Route53, make sure you add region “global”). Otherwise, the tests will be conducted in all regions.
AWS_DEFAULT_REGIONAWS default region for authentication

Coralogix GRPC endpoints

Irelandng-api-grpc.coralogix.com
Stockholmng-api-grpc.eu2.coralogix.com
Singaporeng-api-grpc.coralogixsg.com
Mumbaing-api-grpc.app.coralogix.in
United Statesng-api-grpc.coralogix.us

Installing as a Docker container

In use with ECS or a dedicated EC2 instance. The instance type will affect the run time, so it’s up to a personal preference and is affected by the environment size.

Download the docker image using the following command (if the following command hasn’t run, the image will still be downloaded automatically in the next step):

docker pull coralogixrepo/snowbit-cspm:v1.0.1

The EC2 instance/ECS Cluster should have an appropriate role attached to it with the following policy.

this custom policy provides the necessary permissions for the CSPM to fetch information from your AWS environment.

In order to automate the process, use Crontab in the following manner:

Create the crontab using your favorite editor

sudo crontab -e

Inside the document, on the bottom, paste the following one-liner (note that the API_KEY and the CORALOGIX_ENDPOINT_HOST fields are mandatory)

0 0 * * * docker rm snowbit-cspm ; docker run --name snowbit-cspm -d -e PYTHONUNBUFFERED=1 -e AWS_DEFAULT_REGION="eu-west-1" -e CORALOGIX_ENDPOINT_HOST="coralogix_grpc_endpoint" -e APPLICATION_NAME="application_name" -e SUBSYSTEM_NAME="subsystem_name" -e TESTER_LIST="" -e API_KEY="send_your_data_api_key" -e REGION_LIST="" -v ~/.aws:/root/.aws coralogixrepo/snowbit-cspm:v1.0.1

The above command will run once a day, every day at 00:00, and consists of two commands:

  • docker rm snowbit-cspm – removes the last docker container if exists
  • docker run –name snowbit-cspm [Options…] – runs a new container sequence

Installing as a Kubernetes CronJob – via kubectl

Use the following CronJob configurations:

apiVersion: batch/v1
kind: CronJob
metadata:
  name: snowbit-cspm-cronjob
spec:
  schedule: "0 0 * * *"
  successfulJobsHistoryLimit: 0
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - image: coralogixrepo/snowbit-cspm:v1.0.1
            name: snowbit-cspm-cronjob
            command: ["python3"]
            args: ["lambda_function.py"]
            env:
              - name: API_KEY
                value: "send_your_data_api_key" 
              - name: CORALOGIX_ENDPOINT_HOST
                value: "coralogix_endpoint"
              - name: APPLICATION_NAME
                value: "application_name"
              - name: SUBSYSTEM_NAME
                value: "subsystem_name"
              - name: TESTER_LIST
                value: ""
              - name: REGION_LIST
                value: ""
              - name: PYTHONUNBUFFERED
                value: "1"
              - name: AWS_DEFAULT_REGION
                value: "eu-west-1"
          restartPolicy: OnFailure

Save the above content into a .yaml file and execute the following command:

kubectl create -f Cronjob.yaml

Installation as a Kubernetes CronJob – via helm

To install via helm add the Coralogix helm repository by running the following command:

helm repo add coralogix-charts https://cgx.jfrog.io/artifactory/coralogix-charts

Then, install the helm chart by running the following command:

helm upgrade snowbit-cspm-cronjob coralogix-charts/snowbit-cspm-cronjob --install --set
 PYTHONUNBUFFERED=1 --set AWS_DEFAULT_REGION="eu-west-1" --set CORALOGIX_ENDPOINT_HOST="<coralogix_grpc_endpoint>" --set APPLICATION_NAME="<application_name>" --set SUBSYSTEM_NAME="<subsystem_name>" --set TESTER_LIST="" --set API_KEY="<send_your_data_api_key>" --set REGION_LIST="" --set schedule="0 0 * * *"

On this page