Remediation

CloudBots automatically correct compliance issues discovered in your cloud environments by CloudGuard compliance checks. You can configure your CloudGuard account to use CloudGuardCloudBots. For more information about CloudBots, see CloudBots.

Prerequisites:

To use CloudBots, you must launch the CloudBot stack on your cloud and CloudGuard accounts. For detailed instructions, see the CloudBots platform documentation.

Configuring Remediation for Intelligence

This runs the Lambda of the CloudBots on your cloud account to create CloudBots Lambda and SNS topic.

Note - For the ARNClosed Amazon Resource Names (ARNs) uniquely identify AWS resources. They are required to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls. key value, in the AWSClosed Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. console, go to CloudFormation > Stack. Select Outputs. The key is InputTopicARN and the value is the ARN that shows.

You can add remediation for a specific rule in a ruleset or all rules in a ruleset. You limit remediation to specific environments, entities, or environments and entities.

To add a remediation rule:

  1. Navigate to CDR > Threat Monitoring > Remediation.

  2. Click Create New Remediation, in the top right.

  3. Select the rules for which the remediation applies, from the given options. You can combine the options, so the remediation applies to the combination of all the selected options.

    1. Ruleset (mandatory)

    2. A specific Rule in the ruleset (optional, if missing, all rules are implied)

    3. Select an Environment that applies the remediation to rules in the selected ruleset only when the ruleset is applied to the selected environments.

    4. A specific Entity, by its entity ID (optional, if missing, all entities are implied); this selects all rules involving the selected entities

  4. Select the CloudBot, from the list. If the CloudBot does not show, select Custom, and then add the name of the CloudBot, along with the runtime arguments. The CloudBot must be deployed in the selected environment, in the same folder as the other bots.

  5. Add a comment (mandatory) and click Save.

To delete a remediation ruleset:

  1. Navigate to CDR > Threat Monitoring > Remediation.

  2. Select one or more remediations to delete and click Delete Selected.

It is necessary to add a CloudGuard policy to the configured CloudBot. In addition, in this step, you create a notification with the SNS from Step 1.

  1. Navigate to CDR > Threat Monitoring > Polices > Add Policy.

  2. Select a cloud platform and click Next.

  3. Select the environment and click Next.

  4. From the Ruleset menu, select a ruleset and click Next.

  5. In Notifications, select Add Notification.

    It is necessary to create a specific notification for the CloudBot remediation stack in which you must enter the Topic ARN configured in the AWS console. For more information about SNS notifications, see Getting Started with Intelligence Policy.

  6. Click Save.