Azure CloudVisibility Dashboard
Security Group Risk
The Security Group Risk widget shows the number of policy violations associated with an Azure instance. Each row represents one instance having one or more security group violations.
| Data Type | Description | Example |
|---|---|---|
| Provider | Name of the cloud provider | AZURE |
| Account ID | Account number the cloud provider assigned to your company's account | ed69b797-ef18-49db-ac5b-d19ae3fa796f |
| Instance ID | Cloud provider's instance identifier | /subscriptions/ed69b797-ef18-49db-ac5b-d19ae3fa796f/resourceGroups/NEW_JERSEY_RG/ providers/Microsoft.Compute/virtualMachines/ubuntu1-nj |
| Public IP Address | IPv4 address of the instance | - |
| Public MAC Address | MAC address of the instance | - |
| Name | Name of the cloud account | ubuntu1-nj |
| Security Group Risk | The number of policy violations associated with an Azure instance. | 2 |
| Owner | Individual or group responsible for the account | QE-Asset Manager |
| Purpose | Rationale for the account | CloudVisibilityTesting |
| Contact | How to reach the account owner | slupta@firemon.com |
Asset Manager considers the following factors in calculating the Security Group violation:
- Instances that have been deployed from images in either a white list or black list.
  - You have an image that was not in the white list.
  - You have an image that was in the black list.
- Ports and protocols that are either in a white list or black list.
  - You have a port / protocol that was not in the white list.
  - You have a port / protocol that was in the black list.
- IPv4 / IPv6 addresses that are either in a white list or black list. Bear in mind that IP address blocks are not sliced: if a /8 is specified in the black list, and a /24 out of that /8 is in the white list, an IP address in that /24 will still appear as a black list risk.
  - You have an IPv4 / IPv6 address that was not in the white list.
  - You have an IPv4 / IPv6 address that was in the black list.
- Wildcard in a Security Group.
- IPv4 mask is too large for a Security Group.
- Src/Dest checks disabled on an instance.
- Inbound/outbound path to the public internet (direct and indirect).
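As an added illustration, not code from the FireMon documentation, the following Python models the white list / black list checks listed above and the caveat that IP blocks are not sliced. The policy lists, the "mask too large" threshold, and the semantics that a white list match means the block is fully contained while a black list match means any overlap are assumptions made for the example.

```python
import ipaddress

# Constructed policy lists for this example (assumptions, not FireMon data).
IP_WHITELIST = ["10.1.2.0/24", "192.0.2.0/24"]
IP_BLACKLIST = ["10.0.0.0/8"]
PORT_WHITELIST = {("tcp", 443), ("tcp", 22)}
PORT_BLACKLIST = {("tcp", 23)}
MIN_PREFIX = {4: 16, 6: 48}  # assumed "mask too large" threshold per IP version


def _hits(net, cidrs, test):
    """True if test(net, listed) holds for any same-version listed block."""
    return any(net.version == n.version and test(net, n)
               for n in map(ipaddress.ip_network, cidrs))


def ip_risks(cidr):
    """White/black list risks for one address or block. Blocks are not
    sliced: a /24 white-listed inside a black-listed /8 does not punch a
    hole in the /8, so an address in that /24 still raises a black list risk."""
    net = ipaddress.ip_network(cidr, strict=False)
    risks = []
    # White list: the block must lie entirely inside a listed block (assumed).
    if not _hits(net, IP_WHITELIST, lambda a, b: a.subnet_of(b)):
        risks.append("ip-not-in-whitelist")
    # Black list: any overlap with a listed block counts; nothing is carved out.
    if _hits(net, IP_BLACKLIST, lambda a, b: a.overlaps(b)):
        risks.append("ip-in-blacklist")
    return risks


def rule_risks(rule):
    """Risks for one security-group rule: {"cidr", "protocol", "port"}."""
    net = ipaddress.ip_network(rule["cidr"], strict=False)
    risks = []
    if net.prefixlen == 0:                      # 0.0.0.0/0 or ::/0
        risks.append("wildcard")
    elif net.prefixlen < MIN_PREFIX[net.version]:
        risks.append("mask-too-large")
    risks += ip_risks(rule["cidr"])
    proto_port = (rule["protocol"], rule["port"])
    if proto_port not in PORT_WHITELIST:
        risks.append("port-not-in-whitelist")
    if proto_port in PORT_BLACKLIST:
        risks.append("port-in-blacklist")
    return risks


def security_group_risk(rules):
    """Violation count, the figure the Security Group Risk column shows."""
    return sum(len(rule_risks(r)) for r in rules)
```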
Inbound & Outbound Path
Prospective ingress and egress paths from the cloud instance.
| Data Type | Description | Example |
|---|---|---|
| Provider | Name of the cloud provider | AZURE |
| Account ID | Account number the cloud provider assigned to your company's account | ed69b797-ef18-49db-ac5b-d19ae3fa796f |
| Instance ID | Cloud provider's instance identifier | /subscriptions/ed69b797-ef18-49db-ac5b-d19ae3fa796f/resourceGroups/NEW_JERSEY_RG/ providers/Microsoft.Compute/virtualMachines/ubuntu1-nj |
| Public IP Address | IPv4 address of the instance | - |
| Public MAC Address | MAC address of the instance | - |
| Name | Name of the server instance | ubuntu1-nj |
| Security Group Risk | The number of rule violations making instance vulnerable to network attacks | 2 |
| Owner | Individual or entity responsible for the cloud instance | QE-Asset Manager |
| Purpose | Rationale for the account | CloudVisibilityTesting |
| Contact | Contact information and preferred method of contact of the account owner | slupta@firemon.com |
Inbound & Outbound Path by Device Type
Instance Inventory
| Data Type | Description | Example |
|---|---|---|
| Provider | Name of the cloud provider | AZURE |
| Account ID | Account number the cloud provider assigned to your company's account | ed69b797-ef18-49db-ac5b-d19ae3fa796f |
| Instance ID | Cloud provider's instance identifier | /subscriptions/ed69b797-ef18-49db-ac5b-d19ae3fa796f/resourceGroups/NEW_JERSEY_RG/ providers/Microsoft.Compute/virtualMachines/ubuntu1-nj |
| Public IP Address | IPv4 address of the instance | - |
| Public MAC Address | MAC address of the instance | - |
| Name | Name of the server instance | ubuntu1-nj |
| VPC ID | Unique identifier generated by Azure to identify an Azure Virtual Private Cloud | - |
| VPC Name | Unique name generated by Azure to identify an Azure Virtual Private Cloud | - |
| Region | Geographic area in which the instance is running | us-east-1 |
| Security Group Risk | The number of rule violations making instance vulnerable to network attacks | 2 |
| Security Group ID | Identifies the group of risks | [[/subscriptions/ed69b797/resourceGroups/Tejas_RG/providers/Microsoft.Network/networkSecurityGroups/UbuntuTX-nsg],] |
| Owner | Individual or entity responsible for the cloud instance | QE-Asset Manager |
| Purpose | Rationale for the account | CloudVisibilityTesting |
| Contact | Contact information and preferred method of contact of the account owner | slupta@firemon.com |
| Data Type | Description | Example |
|---|---|---|
| Event Time | Time the event was recorded in Coordinated Universal Time (UTC) format | 2019-11-08T09:57:24Z |
| Username | Identifier of the person who performed the activity that triggered an event notification | AttachNetworkInterface ModifyInstanceAttribute RebootInstances |
| Region | Geographic area in which the instance is running | us-east-1 |
| Event Name | Event name comes from AWS | DetachNetworkInterface |
| Event Source | From web interface rather than CLI | ec2.amazonaws.com |
| Source IP Address | From web interface rather than CLI | 152.193.0.98 |
| Data Type | Description |
|---|---|
| Security Group ID | Unique security group identifier generated by Amazon to identify a security group. |
| Description | User-populated field in AWS |
| Risks | Description of a violation |
| VPC ID | Unique identifier generated by Amazon to identify an Amazon Virtual Private Cloud |
| IPv4 Range | The range of IPv4 address to which a rule applies |
| IPv6 Range | The range of IPv6 address to which a rule applies |
| Direction | Indicates whether the violation occurs going outbound or inbound |
| Src Port | Origination port from which traffic to instance is allowed |
| Dest Port | Destination port to which traffic from instance is allowed |
| Protocol | The network protocol over which the traffic is allowed |