Automatic Remediation with CloudBots

CloudBots automatically correct compliance issues discovered in your cloud environments by CloudGuard compliance checks. You can configure your CloudGuard account to use CloudGuard CloudBots.

On the Posture Management > Remediation page, you can configure remediation steps for specific rules in your rulesets.

You must deploy CloudGuard CloudBots in the cloud environments, to which you want to apply remediation steps. See https://cloudbots.dome9.com/ for details.

CloudBots

CloudGuard CloudBots are small programs or scripts in Python that act on the account or cloud asset to correct missing or misconfigured settings. For example, they can close Security Groups that are widely open. CloudGuard invoke CloudBots when compliance rules fail.

CloudBots work only with rules invoked from Continuous Posture policies and not from manually-invoked Posture Management policies.

For some rules, CloudGuard recommends you to use one of the predefined CloudBots or create your own CloudBot in case of the rule violation. For other rules, you can use only your custom CloudBots.

CloudBots provide:

  • Active protection of your cloud environment

  • Reduction in the workload on the enterprise cloud IT team, by performing remedial actions on misconfigured cloud assets and environments automatically

  • Reduced response time to remedy a problem, to shorten the window of exposure to risk as a result of the misconfiguration

  • Since CloudBots work with continuous posture assessments, your cloud environments are assessed repeatedly, so any changes (as a result of unintentional or unauthorized access to the cloud assets) are detected and corrected almost immediately

  • Reliable application of the same correction to misconfigurations of the same type. That is, correcting an environment policy misconfiguration is the same for all environments. In addition, a full audit trace can be kept of all actions, so you are aware of the applied changes

You can add a remediation for a specific rule in a ruleset or for all rules in a ruleset. You limit a remediation to specific environments, entities, or environments and entities.

To add a remediation for a specific rule:

  1. Navigate to the Rulesets page in the Posture Management menu.

  2. Open the ruleset that contains the rule to which you want to apply a remediation.

  3. Use the Filter and Search toolbar to find the rule.

  4. Click Add to add a predefined CloudBot recommended by CloudGuard. If no recommendation exists, click Add CloudBot to create a new custom CloudBot and add it.

    The Edit Remediation window opens with the selected rule and ruleset.

  5. Select the remediation parameters. You can combine the options, so the remediation applies to the combination of all the selected options.

    1. Environment that applies the remediation to rules in the selected ruleset only when the ruleset is applied to the selected environments.

    2. Entity, by its entity ID (optional, if missing, all entities are implied); this selects all rules that contain the selected entities

  6. For rules with a recommended remediation, the CloudBot appears in the field. For rules without recommendations, select the CloudBot from the list. If the CloudBot is not in the list, select Custom, and then add the name of the CloudBot, along with the runtime arguments. The CloudBot must be deployed in the selected environment, in the same folder as the other bots.

  7. Add a comment (mandatory field) and click Save.

To add a remediation for all rules in a ruleset:

  1. Navigate to the Remediation page in the Posture Management menu.

  2. Click Create New Remediation, in the upper right.

  3. Select the rules for which the remediation applies, from the given options. You can combine the options, so the remediation applies to the combination of all the selected options.

    1. a Ruleset (mandatory)

    2. a specific Rule in the ruleset (optional, if missing, all rules are implied)

    3. a specific Environment that applies the remediation to rules in the selected ruleset only when the ruleset is applied to the selected environments.

    4. a specific Entity, by its entity ID (optional, if missing, all entities are implied); this selects all rules involving the selected entities

  4. Select the CloudBot, from the list. If the CloudBot is not in the list, select Custom, and then add the name of the CloudBot, along with the runtime arguments. The CloudBot must be deployed in the selected environment, in the same folder as the other bots.

  5. Add a comment (mandatory) and click Save.

  1. Navigate to the Remediation page in the Posture Management menu.

  2. Select one or more remediations that you want to delete and click Delete Selected.