To index and profile network assets in a cloud infrastructure or in a combination of cloud and traditional infrastructure, Lumeta has introduced in Spectre 3.3.2, Cloud Discovery. This new discovery type will enable you to monitor a Cloud cloud network in as much detail as a typical corporate network. Spectre Cloud Discovery leverages the cloud service provider's APIs to create devices for all running instances. Cloud Discovery findings are reported in the same manner as all other Spectre Asset Manager discovery types.
Cloud credentials are encrypted within Spectre 3.3.2Asset Manager, yet are accessible to the cloud provider. This means that all APIs that return a cloud-discovery configuration, including those that export a collector configuration or system configuration, do not include cloud credential "secrets." Rather, clientSecrets and secretKeys are reported as "null" or left empty.
...
Info | ||
---|---|---|
| ||
Within AWS, users must be, at a minimum, AWS IAM group members with the AWS Policy of AmazonEC2ReadOnlyAccess. |
Prerequisites before configuring Azure Cloud Scanner.
- Follow this link to create the App Registration in the Azure Portal. https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
User.Read
access is sufficient, as this permission is assigned to the app registration by default.Copy the secret Key (Not secret ID) somewhere safe. You will need it for the below steps & It won't show up again when you leave the AZ Portal.
- Browse to the Overview blade of your newly created App Registration.
- Copy the Application (client) ID & Directory (tenant) ID to a Notepad.
- Follow the steps in Configuring Cloud Discovery instructions to enter the credentials.
Configuring Cloud Discovery
...
- Browse to Settings > Zones.
- Select the zone and collector you want to perform Cloud discoveryDiscovery.
Click the Cloud tab.
Cloud discovery is initially disabled by default.Click Edit and to open the Edit Cloud Discovery Configuration dialog box.
Select the Enable Cloud Discovery checkbox.
Click Update.
The configuration is saved.Click Credentials.
You can drag and drop or Upload your cloud credentials as a plain text file, ordered as you would have them read by
SpectreAsset Manager (i.e., top will be read first). You may download a sample file to see the formatting.
Save your results and exit. Cloud Discovery starts immediately.
...
AWS Parameters
- Alias:
- Cloud Credential Type: AWS
- Access Key:
- Secret Key:
Regions (optional):
Service Name: ec-2
Azure Parameters
- Alias:
- Cloud Credential Type: Azure
- Resource Groups (optional):
- Client ID:
- Tenant ID:
- Client Secret:
- Subscription ID: