Protected Assets

This page shows a summary of your environments onboarded to CloudGuard. These assets can include, for example, compute services (such as EC2s, Lambdas, and containers), database services (such as RDSClosed Relational Database Service (RDS) - A web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks., SQL DB, and BigQuery), and more. After onboarding your account, CloudGuard fetches information about these assets from the environment and presents it in the portal. In addition, CloudGuard monitors the security posture of these assets with the Compliance Engine. CloudGuard can fully protect environments that support full protection, such as AWSClosed Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services.. CloudGuard can actively make corrections, for example, apply or change a Security GroupClosed A set of access control rules that acts as a virtual firewall for your virtual machine instances to control incoming and outgoing traffic. policy if its configuration is incorrect.

Benefits

CloudGuard presents one view of your cloud assets, on all platforms, from which you can search or filter for specific assets of interest and see details about their security posture.

For some asset types, you can apply Security Group or IAMClosed Identity and Access Management (IAM) - A web service that customers can use to manage users and user permissions within their organizations. policies directly from the CloudGuard portal.

Use Cases

Here are some typical use cases for the CloudGuard Protected Assets.

Protected Assets Table

You can filter or search the protected assets table by asset type, region, VPC, and other conditions. By default, the page shows the assets grouping by Environment. For more information on grouping, see Group Arrangement.

Organize the table columns as necessary and adjust these parameters:

  • Visibility - To select which columns to see in the table, click Customize on the right. Click a parameter to add its column to the table or search for a parameter name in the internal search bar.

  • Position - To change the column's location, click the column header and drag it to a specific location.

  • Width - To change the column width, move the right separator line of its header in the desired direction. To adjust the width by the longest column value, double-click the right separator.

  • Sorting - To switch between the default, ascending or descending order of the entries, click the column header.

To restore the default settings of the table, click Reset Columns on the top right.

To make the columns fit the screen, click Autofit Columns on the top right.

Select an asset from the list to see more details. The number of details depends on the type of asset. For some assets, you can see flow logs. If your environment supports full protection mode and is managed by CloudGuard in this mode, you can change the network security settings.

You cannot set other details for your assets here; this is done in your cloud account on the cloud platform.

Actions

The primary page shows assets that are protected by CloudGuard. Use the filter to filter the list or search for assets by name in the search box.

In addition, you can see the Dashboard of your protected assets, for more details see Dashboards. The dashboard has widgets that show the distribution of your assets based on different parameters, such as region, type, environment, etc. You can change the dashboard to include specific widgets and create new custom dashboards.

Click one of the assets to see its details. For more information, see Asset Details.

You can change details for assets that are instances (EC2s on AWS or virtual machines on AzureClosed Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. or Google) if the assets are in Full Protection mode by CloudGuard.

For AWS instances:

You can add Security Group or NACL policies to AWS instances.

  1. Select an instance-type asset from the list to show details for it. You can change network settings, in the Network Security or IAM Policies tabs.

  2. Click + Attach to attach a security group or NACL to the instance from those already configured. To configure a new security group or NACL, go to Security Groups).



  3. Select the group or NACL and click Attach.

For Azure:

You can change the rules for Security Group applied to virtual machines. You cannot add or remove the Security Group itself.

  1. Click the instance from the list.

  2. Click the Subnet NSG Policy that is necessary to change and click Edit Mode (the security group must be set to Manage, not Read Only, to do this).

  3. Click Edit to change a firewall rule or Delete to delete it. See Modify an Azure Network Security Group for details about how to change Network Security Groups (NSGs).

Some assets configuration allows CloudGuard access to Flow Logs. These are marked with . Click this icon to show the Flow Logs. See VPC Flow Logs for details about controlling this view.

You can export information for protected assets to a CSV file, if your filtered view has less than 10,000 results.

  1. To select a view of the protected assets of interest, use the filter.

  2. Click Export in the top right and then select if to export the basic filtered view or the view of all assets.