Asset Manager offers FireMon's Cloud Defense (formerly called DisruptOps) integration, which replaces the the CloudVisibility engine.
Cloud Defense is a cloud security operations platform to monitor, alert and respond to security risk across your public cloud infrastructure.
Prerequisite
To use the feature, you must have the Cloud Defense platform deployed in your AWS environment. For guidance, open a Support ticket and request "Disrupt:Ops".
FireMon Support will respond by providing you with implementation steps and login credentials. They will also help you deploy the necessary "cloudformation stack."
Configuration
- To configure this new integration, browse to Settings > Integrations > Disrupt:Ops and click Configure.
- Complete the form, entering your Disrupt:Ops credentials in the Username and Password fields (not your AWS credentials).
DisruptOps Cloud Dashboard
Navigate to Dashboards > Integrations and view your results under the DisruptOps Cloud Dashboard.
Security Group Risk
Asset Manager considers the following factors in calculating the Security Group violation:
- Wildcard in a Security Group.
- IPv4 mask is too large for a Security Group.
- Src/Dest checks disabled on an instance
- Inbound/outbound path to the public internet (direct and indirect)
Instance Inventory
Asset Manager will display AWS Instance Information including Instance ID, Public MAC Address, Public IP, VPC ID, Security Group IDs and Region. All this information can be configured into reports; combing you cloud instance information with your on-prem devices.
Map
Asset Manager's Cloud Map offers a quick view of your AWS instances.
The map can be groupe by:
- Provider
- Account
- Region
- VPC ID
The Map will only show information for which we have retrieved EC2 Instances.
