
Cloud Insight Essential | Authenticated scans

Answered

Comments

2 comments

  • Official comment
    Rich Vorwaller

    Hi Mehran,

    Apologies for the late turn around on your question. To clarify, I believe your first question is: “How do you recommend configuring the security groups so that I can allow only Cloud Insight appliances access to servers but NOT expose communication from other instances in the VPC?” Please let me know if I misunderstood your question.

    To answer your question, we recommend that you create a new security group for the instances you plan to scan with an outbound rule of “All traffic” and a destination of the security group we create for the Cloud Insight scanning instance. This security group is called “…Alert Logic Security Group..”

    This way, your instances can send any type of traffic to the Cloud Insight scanning instance (or rather the Cloud Insight security group), but your instances are not allowed to send any type of traffic to other instances or out to the internet.

    Full communication in this example means to select the traffic type of “All traffic” when you create the security group. We’ll update our docs so it’s a bit clearer on the requirement.

    The reason we need “All traffic” is this allows Cloud Insight to discover the full suite of OS, applications, and protocols that we can identify in your AWS environment. For more details on what Cloud Insight scans, you can refer to What does Cloud Insight do when it scans my infrastructure in AWS?

    However, we completely understand that you (and other customers) like to take a hardening host approach and don’t allow open ports or routes to instances, even if they’re internally hosted. For that reason, we support integration with Amazon Inspector. With this integration, instead of using our scanning instance, you can deploy Inspector via the AWS Systems Manager Agent (SSM Agent) on your instances and send the results (called Inspector findings) via a Lambda function to Cloud Insight. For more information on this integration, check out our GitHub repository.

    Hope this answers your questions, but if not please let us know.

    Thanks again.

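The configuration described in the answer above, as an added example that is not Alert Logic's own code: a small audit that reads the JSON shape returned by `aws ec2 describe-security-groups` and reports any egress rule on a scan-target group that reaches anything other than the Cloud Insight scanning security group, or that is narrower than "All traffic". The security group IDs and the sample API output are constructed for the example.

```python
"""Audit scan-target security groups against the recommended egress policy:
the only outbound rule should be "All traffic" (IpProtocol -1) whose
destination is the Cloud Insight scanning security group.

The input is the JSON shape returned by `aws ec2 describe-security-groups`.
The sample below is constructed; the group IDs are placeholders."""
import json

# Placeholder ID for the security group Alert Logic creates for its scanning instance.
ALERT_LOGIC_SG_ID = "sg-0alertlogic000000"

# Constructed describe-security-groups output covering three scan-target groups:
# one configured as recommended, one left on the AWS default (all traffic to
# 0.0.0.0/0), and one that is too narrow (SSH only to the scanning group).
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0targets00good000", "GroupName": "scan-targets-recommended",
     "IpPermissionsEgress": [
         {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
          "UserIdGroupPairs": [{"GroupId": ALERT_LOGIC_SG_ID, "UserId": "123456789012"}]}]},
    {"GroupId": "sg-0targets0default0", "GroupName": "scan-targets-aws-default",
     "IpPermissionsEgress": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
          "PrefixListIds": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0targets00narrow0", "GroupName": "scan-targets-ssh-only",
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
          "Ipv6Ranges": [], "PrefixListIds": [],
          "UserIdGroupPairs": [{"GroupId": ALERT_LOGIC_SG_ID, "UserId": "123456789012"}]}]},
]})


def egress_findings(group, scanner_sg_id):
    """Return a list of problems with one group's egress rules (empty == compliant)."""
    problems = []
    rules = group.get("IpPermissionsEgress", [])
    if not rules:
        problems.append("no egress rules: instances cannot reach the scanning appliance")
    for rule in rules:
        proto = rule.get("IpProtocol")
        # Any CIDR, IPv6 range or prefix-list destination escapes the scanning group.
        for r in rule.get("IpRanges", []):
            problems.append(f"egress to {r['CidrIp']} (proto {proto}) is not limited to the scanning SG")
        for r in rule.get("Ipv6Ranges", []):
            problems.append(f"egress to {r['CidrIpv6']} (proto {proto}) is not limited to the scanning SG")
        for p in rule.get("PrefixListIds", []):
            problems.append(f"egress to prefix list {p['PrefixListId']} is not limited to the scanning SG")
        # Group-to-group rules are fine only when the destination is the scanning SG.
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != scanner_sg_id:
                problems.append(f"egress to unrelated security group {pair.get('GroupId')}")
    # The appliance needs every protocol to fingerprint OS, applications and services,
    # so a rule narrower than "All traffic" (IpProtocol -1) is flagged as well.
    all_traffic_to_scanner = any(
        rule.get("IpProtocol") == "-1"
        and any(p.get("GroupId") == scanner_sg_id for p in rule.get("UserIdGroupPairs", []))
        for rule in rules)
    if rules and not all_traffic_to_scanner:
        problems.append("no 'All traffic' egress rule whose destination is the scanning SG")
    return problems


def audit(describe_json, scanner_sg_id=ALERT_LOGIC_SG_ID):
    """Map each group ID in describe-security-groups output to its list of findings."""
    data = json.loads(describe_json)
    return {g["GroupId"]: egress_findings(g, scanner_sg_id) for g in data["SecurityGroups"]}


if __name__ == "__main__":
    for group_id, findings in audit(SAMPLE_DESCRIBE_OUTPUT).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{group_id}: {status}")
```

To run it against a live account, replace `SAMPLE_DESCRIBE_OUTPUT` with the output of `aws ec2 describe-security-groups --group-ids <your scan-target groups>` and set `ALERT_LOGIC_SG_ID` to the ID of the group Alert Logic created. Note that the check only covers egress from the scan targets; the inbound side of the scanning group is managed by Alert Logic and is outside this audit.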
  • Kirsten Flores

    Hi Mehran! We're working on getting you a quality answer to your question and will get back to you very soon. 

