FireMon Cloud Defense

Asset Manager offers an integration with FireMon's Cloud Defense (formerly called DisruptOps), which replaces the former CloudVisibility engine.

Cloud Defense is a cloud security operations platform to monitor, alert and respond to security risk across your public cloud infrastructure. 

Prerequisite

To use the feature, you must have the Cloud Defense platform deployed in your AWS environment. For guidance, open a Support ticket and request "FireMon Cloud Defense".

FireMon Support will respond by providing you with implementation steps and login credentials.

They will also help you deploy the necessary CloudFormation stack.

Configuration

  1. In Asset Manager, go to Settings > Integrations > Cloud Defense and click Configure.
  2. Complete the form, entering your Cloud Defense credentials in the Username and Password fields (not your AWS credentials).
  3. Firewall ACL rules must be open for Asset Manager to access these URLs over port 443:
    • https://api.prod.disruptops.com/auth/login
    • https://graph.prod.disruptops.com/graphql
    • https://graph-v3.prod.disruptops.com/graphql

DisruptOps Cloud Dashboard

Go to Dashboards > Integrations and view your results under the DisruptOps Cloud Dashboard.

Security Group Risk

Asset Manager considers the following factors in calculating the Security Group violation:

  1. Wildcard in a Security Group.
  2. IPv4 mask is too large for a Security Group.
  3. Src/Dest checks disabled on an instance.
  4. Inbound/outbound path to the public internet (direct and indirect).
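
The first three factors can be reproduced from EC2 API output when you want to cross-check a dashboard finding. The Python below is an added example, not FireMon's scoring logic: it assumes "wildcard" means an all-protocol rule or a 0.0.0.0/0 range, assumes a /16 cut-off for a mask that is "too large", and leaves out factor 4 because path analysis needs route and gateway data. The function names and sample data are constructed for illustration.

```python
import ipaddress

# Assumption: anything broader than a /16 counts as "too large"; the page
# does not state the threshold Asset Manager uses.
MIN_PREFIX_LEN = 16

def group_findings(group):
    """Flag wildcard and over-broad IPv4 rules in one security group dict
    shaped like an entry of EC2 DescribeSecurityGroups output."""
    findings = []
    for direction, key in (("inbound", "IpPermissions"),
                           ("outbound", "IpPermissionsEgress")):
        for perm in group.get(key, []):
            all_traffic = perm.get("IpProtocol") == "-1"  # every protocol and port
            ports = "all" if all_traffic else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if all_traffic or net.prefixlen == 0:
                    findings.append(("wildcard", direction, ports, str(net)))
                elif net.prefixlen < MIN_PREFIX_LEN:
                    findings.append(("broad-mask", direction, ports, str(net)))
    return findings

def instance_findings(instance):
    """Flag an instance (DescribeInstances shape) with source/destination
    checking turned off."""
    if instance.get("SourceDestCheck") is False:
        return [("src-dest-check-disabled", instance["InstanceId"])]
    return []

# Constructed sample data, not taken from a real account.
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.20.30.0/24"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
SAMPLE_INSTANCE = {"InstanceId": "i-0example", "SourceDestCheck": False}

if __name__ == "__main__":
    for finding in group_findings(SAMPLE_GROUP) + instance_findings(SAMPLE_INSTANCE):
        print(finding)
```

Rules that reference another security group instead of a CIDR range carry no `IpRanges` entries, so this check does not report on them.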

Instance Inventory

This widget will display AWS Instance Information including:

  • Instance ID
  • Public MAC Address
  • Public IP
  • VPC information
  • Security Group information
  • Region

All this information can be configured into reports, combining your cloud instance information with your on-prem devices.

Map

The Cloud Map offers a quick view of your AWS instances. 

The map can be grouped by:

  • Provider
  • Account
  • Region
  • VPC ID

The Map shows information only where EC2 instances have been retrieved.