Account Info
See use statistics for your CloudGuard Account and your Account plan.
-
Your CloudGuard plan details - The modules included. .
-
Location of the Data Center (region) you are currently logged in to.
-
Usage statistics (for instances) - The number of billable instances for each day (during 1, 3, or 6 months).
-
Number of users on your Account.
License Activation
You can add to your CloudGuard Account more capabilities when you purchase more licenses.
To activate the license:
-
Log in to the CloudGuard portal as the Account Owner. For more information on the Account Owner, see Users & Roles.
-
Navigate to Settings > Account info > CloudGuard License Activation and enter your User Center
The Check Point User Center offers single sign-on management for all your Check Point needs:
Manage Accounts & Products
Get Support Offers
License Products
Open & manage your Service Requests
Access Downloads and product documentation
Search Technical Knowledge Center credentials.For more information on how to create a User Center account, see sk22716.
-
Click Login. You can see the list of available licenses in your Account name.
-
Select the desired license and click Activate.
The message of successful license activation appears.
Billable Assets Calculation
This section shows your cloud assets on different cloud platforms that are billable by CloudGuard when they are onboarded to CloudGuard.
The CloudGuard Posture Management license is based on the number of utilized capabilities (Posture Management, Runtime Protection, IAM Identity and Access Management (IAM) - A web service that customers can use to manage users and user permissions within their organizations. Safety) and the number of protected assets in your cloud environment.
The billable assets graph shows a number of billable assets in your CloudGuard Account over time. The red line is the limit defined in the license, and the blue line is the actual daily number of billable assets. You can download a summary report with this information as a CSV file.
Billing Reports
The details of your Account usage are available in the billing reports. CloudGuard provides two types of reports that you can download, if your CloudGuard permissions are set to view all system resources (Auditor Role) or greater.
Available reports:
-
Detailed Billable Assets Report is a monthly billing report. It includes information on the Account billable assets, for AWS
Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. and Azure Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. environments, and corresponds to your monthly invoice. -
Total Billable Assets Report is a summary report for a selected period (1, 3, or 6 months). It includes information on the total number of billable assets in the account, for all onboarded environments. The blue line on the graph represents the same information.
The detailed report you download from the portal presents information for only the month before. To download a billing report for a specific month and year, use the CloudGuard API.
Detailed Report information
The report presents these details in CSV format:
-
Platform - AWS and Azure are supported.
-
Billing Entity - An entity designated as a billing authority for this billable asset.
-
Billing Entity Name - The name of the billing authority (paying entity).
-
Environment External ID / Resource group ID - The External ID for AWS environments or Resource group ID for Azure subscriptions.
-
Environment Name / Resource group name - The name of the AWS environment or Azure subscription the current asset corresponds with.
-
Asset Type - The available types: Instance, Lambda Function, RDS
Relational Database Service (RDS) - A web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks., Virtual Machine, and more. -
Billable Assets Count (Peak) - The peak number of billable assets.
-
Billable Assets Count (Avg) - The average number of billable assets.
-
Billable Assets Count (Avg - Normalized) - The average number of assets after the application of a billing multiplier.
-
Billing Multiplier - The conversion rate between the actual workload in your environment and billable assets calculated by CloudGuard (see below Calculation of Billable Assets).
-
Organizational Unit Name - The organizational unit that contains the asset.
-
Active Environment - The Boolean value of True for currently active environments or False for inactive (deleted) environments.
|
|
Note - In the CloudGuard portal, you can download the Billing Report for only one full month only, that is, the previous calendar month. |
To download the Detailed Report from the CloudGuard portal:
-
In the CloudGuard portal, go to Settings > Account Info.
-
In the Billable Assets section, click Export on the upper right and select Detailed Billable Assets Report.
-
Save the file on your hard drive.
To download the Total Report from the CloudGuard portal:
-
In the CloudGuard portal, go to Settings > Account Info.
-
In the Billable Assets section, select the period for the graph and summary report.
-
On the top right, click Export and select Total Billable Assets Report.
-
Save the file on your hard drive.
To get the Detailed Report with REST API:
curl --location --request GET 'https://api.dome9.com/v2/account/billable-assets-report?month=<requested_month_of_report>&year=<requested_year_of_report>' \
--header 'accept: application/json' \
--header 'Authorization: Basic <<span class="mc-variable Vars_CG_Native.CloudGuard_product variable">CloudGuard</span> API key>:<CloudGuard API secret>'
For more information, see CloudGuard API Reference.
Known Errors
|
Error Message |
Description |
|---|---|
|
Internal Error |
CloudGuard cannot get the AWS account number because of an error. |
|
Customer managed permission error |
CloudGuard does not have permissions to collect the account details |
|
Subscription has been deleted |
The account is no longer onboarded to CloudGuard |
Calculation of Billable Assets
CloudGuard Cloud Native Application Protection Platform pricing is based on the number of utilized capabilities (Compliance/Runtime/IAM Safety) and the number of protected assets in the cloud environment.
CloudGuard Native Applications (CNAPP)
These CloudGuard CNAPP Cloud-Native Application Protection Platform - a cloud-native security model that encompasses Cloud Security Posture Management (CSPM), Cloud Service Network Security (CSNS), and Cloud Workload Protection Platform (CWPP) in a single holistic platform. services are complimentary for all supported assets:
-
Effective Risk Management (ERM)
-
Cloud Infrastructure Entitlement Management (CIEM)
-
Agentless Workload Posture (AWP)
A CNAPP license includes:
-
50 GB quote for CDR Pro
-
1 million HTTP requests for CloudGuard WAF
-
5 file emulations per month for API and Threat Emulation
CNAPP is provided with a built-in ability to analyze user account activity. 12 GB of log retention for 1 month is provided for each billable asset.
For licensing purposes, these tables show conversions from cloud capabilities / assets to CloudGuard billable assets:
CSPM
|
Workload |
Billable asset |
|---|---|
|
1 VM instance* |
1 asset |
|
1 database instance** |
1 asset |
|
60 Serverless Functions (Lambda) |
1 asset |
|
1 containers node |
3 assets |
The container posture includes container compliance, admission control and image assurance (runtime, registry and ShiftLeft The ShiftLeft tool scans source code, containers and serverless functions, looking for vulnerabilities including those associated with the Log4j tool. This tool alerts the security and DevOps teams if any vulnerabilities are detected in the pre-build phase, ensuring that vulnerable code is not deployed.). ShiftLeft scans are subject to fair use of up to 50 scans per month per node.
All nodes running containers on onboarded clusters are counted.
*AWS EC2 Amazon EC2 - A web service for launching and managing Linux/UNIX and Windows Server instances in Amazon data centers. (not including Micro and Nano), Azure VM (not including 0 family (A0/D0)) , GCP Google® Cloud Platform - a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, Google Drive, and YouTube. VM (not including F1-micro), Alibaba ECS Amazon Elastic Container Service (ECS) - a fully managed container orchestration service that helps you deploy, manage, and scale Docker containers running applications, services, and batch processes., OCI Oracle Cloud Infrastructure - cloud computing platform offered by Oracle Corporation. VM.
**AWS RDS, Azure SQL DB & SQL Servers, Ali RDS, OCI Autonomous DB
Runtime Protection
|
Workload |
Billable asset |
|---|---|
|
10M Serverless invocations (Lambda) |
1 asset |
|
1 container node |
2 assets |
All nodes running the containers runtime agent are counted.
For serverless runtime, the CP-CGD9-CNX/P-100-1Y SKU includes 200 million complimentary annual invocations and the CP-CGD9-CNX/P-25-1Y SKU includes 50 million complimentary annual invocations
Code Security
|
Workload |
Billable asset |
|---|---|
|
IAC posture scanning |
complimentary |
|
Source Code scanning |
1 asset per developer |
|
Productivity & Collaboration |
1 asset per 2 developers |
Infrastructure as code security is complementary with the Asset license.
Intelligence and Threat Hunting
Network Traffic Usage
This graph shows your usage of Traffic activity (Flow Logs) for different environments over time. It is available if you onboarded your environments to Traffic Activity with a CloudGuard Intelligence Pro license.
-
Network Traffic Usage - Amount of Flow Logs from all cloud platforms sent to CloudGuard in percent of the purchased license quota.
-
Estimated End of Quota - Estimation date based on the average of the last week's statistics.
-
Data Retention Period - Period of logs retention in CloudGuard, in days.
On the graph, click the environment name to toggle its visibility or point to a date to see the usage distribution by environments.
The offboarded environments that were included in the overall usage calculation, but did not use the quote recently are shown as Offboarded.
Account Activity Usage
This graph shows your usage of Account activity (CloudTrail) for different environments over time. It is available if you onboarded your environments to Account Activity with a CloudGuard Posture Management license.
-
Account Activity Usage - Amount of CloudTrail and similar logs from all cloud platforms sent to CloudGuard in percent of the purchased license quota.
-
Estimated End of Quota - Estimation date based on the average of the last week's statistics.
-
Data Retention Period - Period of logs retention in CloudGuard, in days.
On the graph, click the environment name to toggle its visibility or point to a date to see the usage distribution by environment.
The offboarded environments that were included in the overall usage calculation, but did not use the quote recently are shown as Offboarded.