Current supported activities/events in CASB Protect Policy engine for AWS RDS

Article ID: 262631

Updated On:

Products

CASB Security Advanced IAAS

Issue/Introduction

When using the current CASB Protect Policy form, determine which supported events/activities are available to trigger a Policy.

From CloudSOC Investigate (exported to csv)

Environment

CASB+AWS Securlet

CASB-DLP integrated + AWS Securlet

Cause

Not all services in AWS are explicitly mapped to CASB's Protect Policy. 

See below for details regarding events that are covered by CASB Protect Policies and further below regarding Cloud Security Posture Management and AWS.

Resolution

Testing was performed using RDS-Aurora-MySQL as well as RDS-MSSQL.

For example, none of the activities that trigger for EC2 'Instance' objects trigger when testing against RDS.

  • Activities

Instance (these activities do not trigger for RDS): Launch, Reboot, Start, Terminate, Stop, Detach

• The following activities will trigger for RDS. These are activities/events relating to the deployment of an RDS instance, which involves creating a user service account and granting roles/permissions to the instance, as well as network-related activities (Security Group Ingress).

Role: Switch, Create, Delete

User: Create, Delete

  • Activities

Security Group Ingress: Revoke, Authorize

Instance Group: Add, Modify

• If you have a use case for a service (that isn't currently mapped) and would like to submit a Feature Request, you may open a Support case to do so. 

• For DLP-integrated customers, you can use DLP's tools to build a custom Policy (such as custom data identifiers that reference a particular 'asset resource number' in combination with certain events or your desired keywords). Note that this is not within the scope of Support.

Additional Information

In addition to CASB Protect Policies for AWS Securlet, note the security checks available for RDS via Cloud Security Posture Management (CSPM).

Types of CSPM checks:

CIS for AWS Security Best Practices:
This profile implements technical checks for securely configuring your AWS accounts as recommended by the CIS Foundations benchmark for AWS v1.4.0.

Security Essentials for AWS Configurations:
This profile implements technical checks for securely configuring your AWS accounts as recommended by various sources, such as CIS benchmarks and Broadcom's security specialists.

sample from CSPM: