Remediation with CloudBots

CloudBots automatically correct compliance issues that are discovered in your cloud accounts by CloudGuard compliance checks. You can configure your CloudGuard account to use CloudGuard CloudBots.

On the Posture Management > Remediation page, you can configure remediation steps for specific rules in your rulesets.

You must deploy CloudGuard CloudBots in the cloud accounts, to which remediation steps are applied. See https://cloudbots.dome9.com/ for details.

CloudBots

CloudGuard CloudBots are small programs or scripts that act on the account or cloud asset to correct missing or misconfigured settings, for example, to close Security Groups that are too open. They are invoked by CloudGuard when compliance rules fail.

CloudGuard CloudBots work only with rules that are invoked from Continuous Compliance policies and not from manually-invoked compliance policies.

CloudBots provide:

  • Active protection of your cloud environment

  • Reduction in the workload on the enterprise cloud IT team, by performing remedial actions on misconfigured cloud assets and accounts automatically

  • The response time to remedy a problem is reduced, reducing the window of exposure to risk as a result of the misconfiguration.

  • Since CloudBots work with continuous compliance assessments, your cloud environments are assessed repeatedly, so any changes (as a result of unintentional or unauthorized access to the cloud assets) are detected and corrected almost immediately.

  • CloudBots reliably apply the same correction to misconfigurations of the same type. That is, correcting an account policy misconfiguration is the same for all accounts. In addition, a full audit trace can be kept of all actions, so you are aware of changes that are applied.

You can add a remediation for a specific rule in a ruleset, or for all rules in ruleset. You limit a remediation to specific environments, entities, or environments and entities.

  1. Navigate to the Remediation page in the Posture Management menu.

  2. Click Create New Remediation, in the upper right.

  3. Select the rules for which the remediation applies, from the given options. The options can be combined, and the effective rules on which the remediation applies are the combination of all the selected options.

    1. a Ruleset (mandatory)

    2. a specific Rule in the ruleset (optional, if missing, all rules are implied)

    3. a specific Entity, by its entity ID (optional, if missing, all entities are implied); this selects all rules involving the selected entities

    4. a specific Cloud Account, this applies the remediation to rules in the selected ruleset only when the ruleset is applied to the selected cloud accounts.

  4. Select the CloudBot, from the list. If the cloudbot is not in the list, select Custom, and then add the name of the cloudbot, along with the runtime arguments. The cloudbot must be deployed in the selected cloud account, in the same folder as the other bots.

  5. Add a comment (optional) and then click Save.

  1. Navigate to the Remediation page in the Posture Management menu.

  2. Hover over the remediation that you wish to delete and click .