Cloud scans
Cyberwatch provides scanning features on cloud infrastructures such as Amazon Web Services, Google Cloud Platform and Microsoft Azure. In particular, the CIS benchmarks for these platforms are partially supported for compliance checks.
The goal of these scans is to ensure that the configuration follows best practices, for example by ensuring that sensitive resources are not publicly accessible.
Prerequisites
Azure compliance
- The Reader role in the Entra ID application
AWS compliance
- AWS user with IAMReadOnlyAccess policy
Add a project
To add a project, you first need to configure API access to its platform. To do this, go to the Stored credentials menu and click Add. Creating the access key follows the same procedure as for asset discoveries, and likewise requires read-only permissions on the resources you wish to check.
When your credentials are configured, you can add your project to Cyberwatch:
- Go to menu Assets management > Cloud, under the Assets section
- Click Add and select a platform
- Fill in the form and send it
You will then be able to read the results of the compliance analysis from the inventory, or by clicking the asset’s name from the Cloud menu.
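The prerequisites and the stored-credentials step both call for read-only access. The following added example (not Cyberwatch code) checks an IAM policy document, such as an inline policy found on the AWS scan user, for Allow grants that go beyond read-only. The list of read-only verbs, the function names and the sample policy are assumptions of this example.

```python
import json

# Assumption: verbs treated as read-only for this check.
READ_PREFIXES = ("Get", "List", "Describe")
# Extra actions granted by the AWS managed policy IAMReadOnlyAccess.
READ_EXTRAS = {
    "iam:GenerateCredentialReport",
    "iam:GenerateServiceLastAccessedDetails",
    "iam:SimulateCustomPolicy",
    "iam:SimulatePrincipalPolicy",
}


def as_list(value):
    """IAM allows a single string/object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_read_only(action):
    if action in READ_EXTRAS:
        return True
    _service, _, verb = action.partition(":")
    # "*" and "iam:*" have no read-only verb prefix and are rejected.
    return verb.startswith(READ_PREFIXES)


def non_read_only_grants(policy_json):
    """Return the Allow grants in a policy document that exceed read-only."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append("NotAction")  # allows everything except the listed actions
        findings += [a for a in as_list(stmt.get("Action")) if not is_read_only(a)]
    return findings


# Constructed sample: an inline policy that drifted beyond read-only.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:CreateAccessKey", "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:DeleteUser", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    print(non_read_only_grants(SAMPLE_POLICY))
```

The check is deliberately conservative: action names are matched case-sensitively, so anything it cannot recognise as read-only is reported for manual review.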