Comment: Structured the parameters for AWS and Azure near the bottom of the page.

To index and profile network assets in a cloud infrastructure, or in a combination of cloud and traditional infrastructure, Lumeta introduced Cloud Discovery in Spectre 3.3.2. This discovery type enables you to monitor a cloud network in as much detail as a typical corporate network. Spectre Cloud Discovery leverages the cloud service provider's APIs to create devices for all running instances. Cloud Discovery findings are reported in the same manner as all other Asset Manager discovery types.

Cloud credentials are encrypted within Asset Manager, yet are accessible to the cloud provider. This means that all APIs that return a cloud-discovery configuration, including those that export a collector configuration or system configuration, do not include cloud credential "secrets." Rather, clientSecrets and secretKeys are reported as "null" or left empty.
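A check for the redaction behavior described above, as an added example that is not Lumeta's code: it walks an exported configuration and reports any secret field that is still populated. The JSON layout and the sample export are constructed assumptions; only the clientSecret and secretKey field names come from this page.

```python
import json

# Field names from this page; singular and plural forms are both accepted.
SECRET_KEYS = {"clientsecret", "clientsecrets", "secretkey", "secretkeys"}


def is_redacted(value):
    """The page says secrets are reported as "null" or left empty."""
    return value is None or value in ("", "null", [], {})


def find_unredacted(node, path="$"):
    """Return the JSON paths of secret fields that carry a real value."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SECRET_KEYS and not is_redacted(value):
                hits.append(child)
            else:
                hits.extend(find_unredacted(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_unredacted(item, f"{path}[{i}]"))
    return hits


# Constructed sample export (hypothetical schema, no real credentials).
SAMPLE_EXPORT = json.loads("""
{"zones": [{"name": "zone-a", "collectors": [{"name": "collector-1",
  "cloud": {"enabled": true, "credentials": [
    {"alias": "aws-prod", "type": "AWS",
     "accessKey": "AKIA-CONSTRUCTED", "secretKey": null},
    {"alias": "azure-dev", "type": "Azure", "clientSecret": ""},
    {"alias": "azure-leak", "type": "Azure",
     "clientSecret": "constructed-not-a-real-secret"}
  ]}}]}]}
""")

if __name__ == "__main__":
    leaks = find_unredacted(SAMPLE_EXPORT)
    for leak in leaks:
        print("unredacted secret at", leak)
    raise SystemExit(1 if leaks else 0)
```

Run it against each exported collector or system configuration before the file is shared or archived; a non-zero exit means a secret field was not redacted.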

...

AWS Permissions

Within AWS, users must be, at a minimum, AWS IAM group members with the AWS Policy of AmazonEC2ReadOnlyAccess.

Prerequisites before configuring the Azure Cloud Scanner:

  1. Follow this link to create the App Registration in the Azure Portal: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
  2. User.Read access is sufficient, as this permission is assigned to the app registration by default.
  3. Copy the secret key (not the secret ID) somewhere safe. You will need it for the steps below, and it will not be shown again after you leave the Azure Portal.
  4. Browse to the Overview blade of your newly created App Registration.
  5. Copy the Application (client) ID and Directory (tenant) ID to a Notepad.
  6. Follow the steps in the Configuring Cloud Discovery instructions to enter the credentials.

Configuring Cloud Discovery

...

  1. Browse to Settings > Zones.
  2. Select the zone and collector you want to perform Cloud Discovery.
  3. Click the Cloud tab.
    Cloud discovery is initially disabled by default.

  4. Click Edit to open the Edit Cloud Discovery Configuration dialog box.

  5. Select the Enable Cloud Discovery checkbox.

  6. Click Update.
    The configuration is saved.

  7. Click Credentials.

  8. You can drag and drop or upload your cloud credentials as a plain text file, ordered as you would have them read by Asset Manager (i.e., the top entry will be read first). You may download a sample file to see the formatting.

  9. Save your results and exit. Cloud Discovery starts immediately.  

 

...


AWS Parameters
  1. Alias:
  2. Cloud Credential Type: AWS
  3. Access Key: 
  4. Secret Key: 
  5. Regions (optional): 

  6. Service Name: ec-2

Azure Parameters
  1. Alias:
  2. Cloud Credential Type: Azure
  3. Resource Groups (optional):
  4. Client ID:
  5. Tenant ID:
  6. Client Secret:
  7. Subscription ID: