Cloud Security Posture Management (CSPM) is a feature that was added to the AWS Securlet in the CloudSOC 3.149 release.
Activating CSPM requires updating your existing CloudFormation stack in AWS. The process is similar to the AWS Securlet activation.
What is CSPM?
• From CloudSOC go to the Securlet options and select AWS in the IAAS section.
• On the right corner, click the ellipsis to open the options for your existing AWS Securlet instance and click Edit.
• Under Security Feature, switch the CSPM option to on and you'll receive a message per below.
• Click the 'Download CFT' button at the bottom of the form.
• Log in to AWS as an administrator and navigate to the Region where your AWS Securlet is activated.
• Go to the CloudFormation console (you can type this in search).
• Select your existing CloudFormation stack for CloudSOC (the stack name will be the name you had previously provided).
• Click Update in the list of options at the top right corner for the stack.
• Click the option to 'Replace current template' then 'Upload a Template file' and browse to the file you downloaded per below.
• The next page provides a review of the stack details. After reviewing, click Next.
• Review Stack options.
• Acknowledge and click 'Update stack'.
The update can take 10 minutes or so to complete. This can vary depending on your AWS instance.
• Go back to CloudSOC (you may need to log in again). Go back to the AWS Securlet (Edit) page and ensure CSPM is Enabled.
• Click the Save button at the bottom of the form.
• Go to Protect > Policies > click New > CSPM Policies.
• Add the Target Scope and desired CSPM benchmarks.
• Review your Policy and Save
• Your initial activation of CSPM will likely yield many violations per below as this will be the initial scan.
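
A check worth running before the 'Replace current template' step above: compare the IAM grants in the downloaded template with those in the template currently deployed, so you know which permissions the update adds. This is an added example, not part of the original article or the vendor's tooling; it assumes both templates are JSON, and the role name and actions in the sample are constructed.

```python
import json

READ_ONLY_PREFIXES = ("Get", "List", "Describe")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _s(v):
    # Intrinsic functions (Ref, Fn::Sub, ...) are dicts; serialise them so they hash.
    return v if isinstance(v, str) else json.dumps(v, sort_keys=True)

def iam_grants(template):
    """Set of (logical_id, effect, action, resource) for IAM policies in a template."""
    grants = set()
    for lid, res in template.get("Resources", {}).items():
        props, rtype = res.get("Properties", {}), res.get("Type", "")
        docs = []
        if rtype == "AWS::IAM::Role":
            docs = [p.get("PolicyDocument", {}) for p in props.get("Policies", [])]
            for arn in props.get("ManagedPolicyArns", []):
                grants.add((lid, "Attach", _s(arn), "-"))
        elif rtype in ("AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"):
            docs = [props.get("PolicyDocument", {})]
        for doc in docs:
            for st in _as_list(doc.get("Statement", [])):
                for action in _as_list(st.get("Action", [])):
                    for target in _as_list(st.get("Resource", "*")):
                        grants.add((lid, st.get("Effect", "Allow"), _s(action), _s(target)))
    return grants

def added_grants(old, new):
    """Grants present in the downloaded template but not in the deployed one."""
    return sorted(iam_grants(new) - iam_grants(old))

def not_read_only(grants):
    """Added grants that are not Get/List/Describe actions (includes policy attachments)."""
    return [g for g in grants if g[1] != "Deny"
            and not g[2].split(":")[-1].startswith(READ_ONLY_PREFIXES)]

def _template(actions):  # constructed sample, not the vendor's template
    return {"Resources": {"ExampleSecurletRole": {"Type": "AWS::IAM::Role", "Properties": {
        "Policies": [{"PolicyName": "example", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": actions, "Resource": "*"}]}}]}}}}

DEPLOYED = _template(["s3:GetObject", "s3:ListBucket"])
DOWNLOADED = _template(["s3:GetObject", "s3:ListBucket",
                        "ec2:DescribeSecurityGroups", "config:PutEvaluations"])

if __name__ == "__main__":
    for g in added_grants(DEPLOYED, DOWNLOADED):
        print("added:", g)
```

For a real review, replace the two constructed templates with `json.load()` of the stack's current template (the Template tab of the stack in the CloudFormation console) and of the downloaded file.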